Bug 1266628

Summary:	libvirt 1.2.18.1 tries to change ownership of ISOs even though dynamic_ownership is set to 0
Product:	[Fedora] Fedora	Reporter:	Adam Williamson <awilliam>
Component:	libvirt	Assignee:	Libvirt Maintainers <libvirt-maint>
Status:	CLOSED ERRATA	QA Contact:	Fedora Extras Quality Assurance <extras-qa>
Severity:	high	Docs Contact:
Priority:	unspecified
Version:	23	CC:	agedosier, berrange, clalancette, crobinso, itamar, jforbes, laine, libvirt-maint, veillard, virt-maint
Target Milestone:	---
Target Release:	---
Hardware:	All
OS:	All
Whiteboard:
Fixed In Version:	libvirt-1.2.18.1-2.fc23	Doc Type:	Bug Fix
Doc Text:		Story Points:	---
Clone Of:
Clones:	1267154 (view as bug list)		Environment:
Last Closed:	2015-10-09 06:14:44 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Adam Williamson 2015-09-25 22:01:04 UTC

[root@adam libvirt]# grep dynamic /etc/libvirt/qemu.conf
# Whether libvirt should dynamically change file ownership
dynamic_ownership = 0

yet, with libvirt 1.2.18.1, when I start a VM, it tries to change ownership of the ISO file attached to it (and fails, as it's on a network share). This prevents me running any VMs, in my setup.

Downgraded to 1.2.18, it works fine.

I kinda suspect this change:

https://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=f4c60dfbf2ec606a5fc148b4c6ff1cd17ffd79ec

which adds a virSecurityDACSetOwnership call which is not protected by a block like this:

    if (!priv->dynamicOwnership)
        return 0;

which several of the others are. But not *all* of them are, and I'm not 100% sure exactly what that virSecurityDACDomainSetDirLabel() is for or what it operates on, so IMBW.

Comment 1 Cole Robinson 2015-09-28 23:55:07 UTC

Thanks for the report... you were in the right ballpark but the breakage is a bit more subtle. Patch posted upstream:

https://www.redhat.com/archives/libvir-list/2015-September/msg01000.html

Comment 2 Adam Williamson 2015-09-29 00:16:58 UTC

Haha, whoops. :)

Comment 3 Fedora Update System 2015-10-06 21:11:29 UTC

libvirt-1.2.18.1-2.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2015-94b173da51

Comment 4 Fedora Update System 2015-10-07 16:27:40 UTC

libvirt-1.2.18.1-2.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
$ su -c 'dnf --enablerepo=updates-testing update libvirt'
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-94b173da51

Comment 5 Fedora Update System 2015-10-09 06:14:39 UTC

libvirt-1.2.18.1-2.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.