Bug 1465833
| Summary: | Permission denied when hotplug the chardev with source path as "dev/ttyS0" to the guest | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | yafu <yafu> |
| Component: | libvirt | Assignee: | Pavel Hrdina <phrdina> |
| Status: | CLOSED ERRATA | QA Contact: | chhu |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 7.4 | CC: | dyuan, fjin, jishao, lmiksik, mprivozn, phrdina, rbalakri, xuzhang, yalzhang, zpeng |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | libvirt-3.9.0-6.el7 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2018-04-10 10:50:46 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1473046 | ||
I think this is fixed upstream by:
commit e93d844b90aab2676a1ad910a165c9c83c99de3d
Author: Michal Privoznik <mprivozn>
AuthorDate: Mon Jun 19 17:05:31 2017 +0200
Commit: Michal Privoznik <mprivozn>
CommitDate: Tue Jul 11 14:45:15 2017 +0200
qemu ns: Create chardev backends more frequently
Currently, the only type of chardev that we create the backend
for in the namespace is type='dev'. This is not enough, other
backends might have files under /dev too. For instance channels
might have a unix socket under /dev (well, bind mounted under
/dev from a different place).
Signed-off-by: Michal Privoznik <mprivozn>
Reviewed-by: John Ferlan <jferlan>
It is part of the 3.6.0 release. This commit was a part of bigger patch set that tried to fix bug 1462060. Therefore I suggest closing this one as a duplicate of that one.
That patch is not good enough, the permission denied failure is still valid. Upstream patches posted: https://www.redhat.com/archives/libvir-list/2017-December/msg00020.html Upstream commit:
commit 1c57eea3625f59a80bea08d8779837a40acc4660
Author: Pavel Hrdina <phrdina>
Date: Fri Dec 1 13:10:35 2017 +0100
qemu: fix security labeling for attach/detach of char devices
Reproduced on packages:
libvirt-3.2.0-14.el7_4.7.x86_64
qemu-kvm-rhev-2.9.0-16.el7_4.13.x86_64
Verified on packages:
libvirt-3.9.0-6.el7.x86_64
qemu-kvm-rhev-2.10.0-14.el7.x86_64
Test steps:
1. Start a guest.
2. Prepare a chardev with source path as "/dev/ttyS0".
#cat console.xml
<console type='dev'>
<source path='/dev/ttyS0'/>
<target type='virtio' port='1'/>
</console>
3. Attach the chardev to the running guest successfully.
# virsh attach-device r7 console.xml
Device attached successfully
# virsh dumpxml r7|grep -A5 ttyS0
<source path='/dev/ttyS0'/>
<target type='virtio' port='1'/>
<alias name='console1'/>
</console>
4. Login to the guest, check there is new added: /dev/vport1p0
5. Detach the chardev from the running guest successfully,
login to the guest, check /dev/vport1p0 is no longer exist.
# virsh detach-device r7 console.xml
Device detached successfully
# virsh dumpxml r7|grep -A5 console
<console type='pty' tty='/dev/pts/1'>
<source path='/dev/pts/1'/>
<target type='serial' port='0'/>
<alias name='serial0'/>
</console>
According to the test above, set the status to "VERIFIED".
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2018:0704 |
Description of problem: Permission denied when hotplug the chardev with source path as "dev/ttyS0" to the guest Version-Release number of selected component (if applicable): libvirt-3.2.0-14.el7.x86_64 How reproducible: 100% Steps to reproduce: 1.Prepare a chardev with source path as "dev/ttyS0": #cat console.xml <console type='dev'> <source path='/dev/ttyS0'/> <target type='virtio' port='1'/> </console> 2.Attach the chardev to a running guest: # virsh attach-device V console.xml error: Failed to attach device from console.xml error: internal error: unable to execute QEMU command 'chardev-add': Could not open '/dev/ttyS0': Permission denied 3.Start a guest with /dev/ttySO chardev device: #virsh edit V ... <console type='dev'> <source path='/dev/ttyS0'/> <target type='virtio' port='1'/> </console> ... #virsh start V Domain V started #virsh dumpxml V | grep -A5 ttyS0 <console type='dev'> <source path='/dev/ttyS0'/> <target type='virtio' port='1'/> <alias name='console1'/> </console> Actual results: /dev/ttyS0 chardev failed to hotplug to the guest with permission denied error, but the guest with this device can start successfully. Expected results: If libvirt relabel the source file while starting the guest, it also should relabel the source file while hotpluging the device. Additional info: The /dev/ttyS0 chardev can hotunplug from the guest successfully.