Bug 1573268

Summary: Got lots OVS daemon ERRs while starting a OVS-dpdk guest [rhel-7.5.z]
Product: Red Hat Enterprise Linux 7 Reporter: Oneata Mircea Teodor <toneata>
Component: libvirtAssignee: Martin Kletzander <mkletzan>
Status: CLOSED ERRATA QA Contact: Yanqiu Zhang <yanqzhan>
Severity: high Docs Contact:
Priority: high    
Version: 7.5CC: aconole, atragler, berrange, chhu, ctrautma, dyuan, eskultet, fbaudin, fjin, fleitner, jdenemar, jherrman, jhsiao, jraju, jsuchane, juzhang, knoel, ktraynor, kzhang, lmen, maxime.coquelin, mkletzan, mtessun, pezhang, rbalakri, rcain, skramaja, tredaelli, virt-maint, xuzhang, yalzhang
Target Milestone: rcKeywords: ZStream
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: libvirt-3.9.0-14.el7_5.6 Doc Type: Bug Fix
Doc Text:
Previously, the virtlogd service logged redundant AVC denial errors when a guest virtual machine was started. With this update, the virtlogd service no longer attempts to send shutdown inhibition calls to systemd, which prevents the described errors from occurring.
 Story Points: ---
Clone Of: 1547250 Environment:
Last Closed: 2018-06-26 16:55:29 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1547250    
Bug Blocks:    

Description Oneata Mircea Teodor 2018-04-30 16:51:37 UTC 
This bug has been copied from bug #1547250 and has been proposed to be backported to 7.5 z-stream (EUS).
Comment 6 Martin Kletzander 2018-05-11 11:56:54 UTC 
How do you feel about this BZ and the fix since it was handled in selinux-policy as well?  See https://bugzilla.redhat.com/show_bug.cgi?id=1547250#c38

Should we move it there?  I would rather add our patch since the fix in selinux-policy should probably be reverted.
Comment 7 Jiri Denemark 2018-05-11 12:16:31 UTC 
Yeah, I agree we should ship our patch and let the selinux-policy change be
reverted.
Comment 9 Yanqiu Zhang 2018-06-05 15:54:01 UTC 
Can reproduce the "avc:  denied" issue with following pkgs:
libvirt-3.9.0-14.el7_5.5.x86_64
qemu-kvm-rhev-2.10.0-21.el7_5.3.x86_64


Verify this bug with following pkgs:
libvirt-3.9.0-14.el7_5.6.x86_64
qemu-kvm-rhev-2.10.0-21.el7_5.3.x86_64

Whether selinux is enforcing or permissive, no "avc: denied" msg in /var/log/audit/audit.log when guest start. Only get "avc:  received setenforce notice..." avc msg.

Since the result is as expected. Mark this bug as verified.
Comment 11 errata-xmlrpc 2018-06-26 16:55:29 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:1997