Bug 1430988

Summary: Permission denied when reloading virtlogd
Product: Red Hat Enterprise Linux 7 Reporter: Fangge Jin <fjin>
Component: libvirtAssignee: Pavel Hrdina <phrdina>
Status: CLOSED ERRATA QA Contact: Fangge Jin <fjin>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.4CC: dyuan, ekuris, fan-wxa, rbalakri, xuzhang, yafu, zpeng
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: libvirt-3.7.0-1.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-04-10 10:42:33 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1389374    
Attachments:
Description Flags
virtlogd log
none
backtrace none

Description Fangge Jin 2017-03-10 03:53:21 UTC 
Created attachment 1261769 [details]
virtlogd log

Description of problem:
1) The guest includes a file-backend serial device as below:
    <serial type='file'>
      <source path='/var/log/libvirt/qemu/log' append='off'/>
      <log file='/var/log/libvirt/qemu/guestname-serial0.log' append='off'/>
      <target port='0'/>
      <alias name='serial0'/>
    </serial>

2) Start guest, then reload virtlogd, virtlogd will fail to open the backend file and exited with two possible status:

a. At some times, virtlogd crashed:
# systemctl status virtlogd
● virtlogd.service - Virtual machine log manager
   Loaded: loaded (/usr/lib/systemd/system/virtlogd.service; indirect; vendor preset: disabled)
   Active: failed (Result: core-dump) since Thu 2017-03-09 05:16:38 EST; 11s ago
     Docs: man:virtlogd(8)
           http://libvirt.org
  Process: 24245 ExecReload=/bin/kill -USR1 $MAINPID (code=exited, status=0/SUCCESS)
  Process: 23771 ExecStart=/usr/sbin/virtlogd $VIRTLOGD_ARGS (code=dumped, signal=SEGV)
 Main PID: 23771 (code=dumped, signal=SEGV)

b. At some times, virtlogd exited with status=3:
# systemctl status virtlogd
● virtlogd.service - Virtual machine log manager
   Loaded: loaded (/usr/lib/systemd/system/virtlogd.service; indirect; vendor preset: disabled)
   Active: failed (Result: exit-code) since Thu 2017-03-09 22:21:25 EST; 2s ago
     Docs: man:virtlogd(8)
           http://libvirt.org
  Process: 28655 ExecReload=/bin/kill -USR1 $MAINPID (code=exited, status=0/SUCCESS)
  Process: 28553 ExecStart=/usr/sbin/virtlogd $VIRTLOGD_ARGS (code=exited, status=3)
 Main PID: 28553 (code=exited, status=3)

3) Check the virtlogd.log:
error : virRotatingFileWriterEntryNew:113 : Unable to open file: /var/log/libvirt/qemu/log: Permission denied


Version-Release number of selected component:
libvirt-3.1.0-2.el7.x86_64

How reproducible:
100%

Steps to Reproduce:
1.Start guest

2.Reload virtlogd
# systemctl reload virtlogd

3. Check the virtlogd status

Actual results:
virtlogd met "permission denied" and failed to reload

Expected results:
virtlogd reload successfully
Comment 2 Fangge Jin 2017-03-10 03:59:25 UTC 
Created attachment 1261770 [details]
backtrace
Comment 3 Fangge Jin 2017-03-10 04:54:32 UTC 
The audit log:
time->Thu Mar  9 22:27:45 2017
type=SYSCALL msg=audit(1489116465.428:100691): arch=c000003e syscall=2 success=no exit=-13 a0=7fa9883f6420 a1=80441 a2=180 a3=7fa9883f5b80 items=0 ppid=1 pid=28818 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="virtlogd" exe="/usr/sbin/virtlogd" subj=system_u:system_r:virtlogd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1489116465.428:100691): avc:  denied  { dac_override } for  pid=28818 comm="virtlogd" capability=1  scontext=system_u:system_r:virtlogd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:virtlogd_t:s0-s0:c0.c1023 tclass=capability
Comment 4 Fangge Jin 2017-03-10 05:51:13 UTC 
I seems that the failed status depends on the log_level of virtlogd:
a. when log_level is set to 1 in virtlogd.conf, virtlogd crashed
b. when log_level is set to the default value in virtlogd.conf, virtlogd exited with status=3
Comment 5 Pavel Hrdina 2017-06-16 15:00:48 UTC 
Upstream commit:

commit e13e8808f9270f4b3b6f4abb8ec473eef81cc1b9
Author: Pavel Hrdina <phrdina>
Date:   Mon May 29 14:27:51 2017 +0200

    security: don't relabel chardev source if virtlogd is used as stdio handler

v3.4.0-129-ge13e8808f9
Comment 7 Fangge Jin 2017-10-24 04:15:40 UTC 
Verify pass with libvirt-3.8.0-1.virtcov.el7.x86_64
Comment 8 Ján Tomko 2017-11-24 14:09:56 UTC 
*** Bug 1483466 has been marked as a duplicate of this bug. ***
Comment 9 Artom Lifshitz 2018-02-23 01:27:28 UTC 
*** Bug 1541268 has been marked as a duplicate of this bug. ***
Comment 13 errata-xmlrpc 2018-04-10 10:42:33 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2018:0704