Bug 1465788

Summary: /virt/install with qemu-kvm-2.9.0 fails due to AVC from virtlogd
Product: [Retired] Beaker Reporter: Jan Stancek <jstancek>
Component: testsAssignee: Dan Callaghan <dcallagh>
Status: CLOSED CURRENTRELEASE QA Contact: tools-bugs <tools-bugs>
Severity: high Docs Contact:
Priority: high    
Version: 24CC: asavkov, dcallagh, jburke, jracek, mjia, pbunyan, rjoost
Target Milestone: 24.4   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-07-07 06:22:22 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jan Stancek 2017-06-28 08:14:33 UTC 
Description of problem:
e59595f01362 "virt/install: don't use virtlogd" introduced a change which disabled virtlogd for virt jobs in the config. But on recent distros a restart of 'libvirtd' is also required, otherwise libvirt still tries to use virtlogd.

The problem starts after rebase from qemu-kvm-1.5.3 to qemu-kvm-2.9.0, which now has new capability "QEMU_CAPS_CHARDEV_FILE_APPEND":

qemuBuildChrChardevStr():
        if (qemuBuildChrChardevFileStr(virQEMUCapsGet(qemuCaps, QEMU_CAPS_CHARDEV_FILE_APPEND) ?
                                       logManager : NULL, cmd, def, &buf,
                                       "path", dev->data.file.path,
                                       "append", dev->data.file.append) < 0) {

/virt/install creates empty console log file ahead of installing guest, so that logguestconsoles can set up a inotify watch on it. With new qemu-kvm however, the label doesn't get reset by libvirt and stays as tmp_t. When virtlogd tries to remove that file (because after Bug 1420205 default action is truncate) it fails and that stops guest installation.

See also:

Bug 1437501 - avc: denied { unlink } for pid=11477 comm="virtlogd" scontext=system_u:system_r:virtlogd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmp_t:s0

Bug 1464525 - [kernel-alt][RHEL-ALT-7.4-20170620.n.0] avc: denied { unlink } for pid=12110 comm="virtlogd" name="x86_64_kvm_1cpu_console.log"

Bug 1420205 comment 3 - For console device, default value of append attribute is not consistent with the document


Version-Release number of selected component (if applicable):
distribution-virt-install-4_0-94

How reproducible:
100%

Steps to Reproduce:
1. run virt/install on recent RHEL-ALT distro

Actual results:
guest installation fails

Expected results:
guests can be installed

Additional info:
Comment 1 Jan Stancek 2017-06-28 08:19:41 UTC 
Posted:
  https://gerrit.beaker-project.org/5717
Comment 3 Dan Callaghan 2017-07-07 04:19:38 UTC 
Tagged /distribution/virt/install 4.0-95 and /distribution/virt/image-install 1.0-9.