Bug 1322837

Summary: Setting LIBGUESTFS_HV causes security context to be reset
Product: [Community] Virtualization Tools
Component: libguestfs
Reporter: Richard W.M. Jones <rjones>
Assignee: Richard W.M. Jones <rjones>
CC: ptoscano
Status: NEW
Severity: unspecified
Priority: unspecified
Version: unspecified
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Type: Bug

Description Richard W.M. Jones 2016-03-31 12:23:10 UTC
Description of problem:

In bug 912499 we found that certain readonly tools (like virt-df)
would cause live guests to crash.  The reason is that these tools
would change the SELinux label on the guest's disk, and the guest
would suddenly lose access to its disk.  This was fixed upstream.

However the fix is faulty.  If LIBGUESTFS_HV is set (or the handle
hv is set in some other way) then the libvirt backend does not do
the label copying dance, and that can result in the above failure.

You can demonstrate this fairly easily:

(1) Choose the libvirt backend.

(2) Set LIBGUESTFS_HV to point to your qemu.

(3) Run the tests in the python subdirectory.

The regression test python/t/test820RHBZ912499.py will fail.

Version-Release number of selected component (if applicable):

libguestfs 1.33.16

How reproducible:

100%

Steps to Reproduce:
1. See above.

Additional info:

https://bugzilla.redhat.com/show_bug.cgi?id=912499
https://www.redhat.com/archives/libguestfs/2016-March/thread.html#00242
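
A way to observe the label reset directly, rather than only through the failing regression test, is to compare the SELinux context on the disk before and after a tool runs with the libvirt backend and LIBGUESTFS_HV set. The sketch below is an added example, not code from this report or from libguestfs. Assumptions: Linux with xattr support; the function names and the script name are hypothetical; `LIBGUESTFS_BACKEND` and `LIBGUESTFS_HV` are the real environment variables.

```python
import os
import subprocess
import sys

SELINUX_XATTR = "security.selinux"  # xattr where Linux stores a file's SELinux context


def read_selinux_label(path):
    """Return the SELinux context on `path`, or None if missing/unsupported."""
    try:
        raw = os.getxattr(path, SELINUX_XATTR)
    except OSError:  # no label, no xattr support, or file not found
        return None
    return raw.rstrip(b"\0").decode("utf-8", "replace")


def hv_override_env(hv_path, base=None):
    """Environment matching steps (1) and (2): libvirt backend plus LIBGUESTFS_HV."""
    env = dict(os.environ if base is None else base)
    env["LIBGUESTFS_BACKEND"] = "libvirt"
    env["LIBGUESTFS_HV"] = hv_path
    return env


def label_changes(disks, action, read_label=read_selinux_label):
    """Run `action` and return {disk: (before, after)} for every changed label."""
    before = {d: read_label(d) for d in disks}
    action()
    after = {d: read_label(d) for d in disks}
    return {d: (before[d], after[d]) for d in disks if before[d] != after[d]}


if __name__ == "__main__":
    # Usage (hypothetical script name): labelcheck.py HV_PATH DISK COMMAND [ARGS...]
    if len(sys.argv) < 4:
        sys.exit("usage: labelcheck.py HV_PATH DISK COMMAND [ARGS...]")
    hv, disk, cmd = sys.argv[1], sys.argv[2], sys.argv[3:]
    changed = label_changes(
        [disk], lambda: subprocess.run(cmd, env=hv_override_env(hv), check=False)
    )
    for path, (old, new) in changed.items():
        print(f"{path}: label changed {old!r} -> {new!r}")
    sys.exit(1 if changed else 0)
```

A non-zero exit status means the read-only tool altered the disk's security context, which is the condition that made live guests lose access to their disks in bug 912499.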