Bug 1611320
Summary: | org.libvirt.api.nwfilter-binding.create is not registered | |||
---|---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | yalzhang <yalzhang> | |
Component: | libvirt | Assignee: | John Ferlan <jferlan> | |
Status: | CLOSED ERRATA | QA Contact: | yafu <yafu> | |
Severity: | unspecified | Docs Contact: | ||
Priority: | unspecified | |||
Version: | 7.6 | CC: | chhu, fjin, lmen, mtessun, tburke, xuzhang, yafu | |
Target Milestone: | rc | |||
Target Release: | --- | |||
Hardware: | Unspecified | |||
OS: | Unspecified | |||
Whiteboard: | ||||
Fixed In Version: | libvirt-4.5.0-8.el7 | Doc Type: | No Doc Update | |
Story Points: | --- | |
Clone Of: | ||||
: | 1622540 (view as bug list) | Environment: | ||
Last Closed: | 2018-10-30 09:58:28 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 1622540 |
Description
yalzhang@redhat.com
2018-08-02 08:37:37 UTC
I sent a patch upstream which fixes the issue:

https://www.redhat.com/archives/libvir-list/2018-August/msg01312.html

although admittedly the wording in the commit message is "weak" at best!

This is now pushed:

commit 6ef65e3c96d5d1f16a16daca83b81b818d461e64
Author: John Ferlan <jferlan>
Date:   Tue Aug 21 15:58:29 2018 -0400

    access: Fix nwfilter-binding ACL access API name generation

    ...

    Generation of the ACL API policy is a "automated process" based on this perl script which "worked" with the changes to add nwfilter binding API's because they had the "nwfilter" prefix; however, the generated output name was incorrect based on the remote protocol algorithm which expected to generate names such as 'nwfilter-binding.action' instead of 'nwfilter.binding-action'.

    This effectively changes src/access/org.libvirt.api.policy entries:

      org.libvirt.api.nwfilter.binding-create ==> org.libvirt.api.nwfilter-binding.create
      org.libvirt.api.nwfilter.binding-delete ==> org.libvirt.api.nwfilter-binding.delete
      org.libvirt.api.nwfilter.binding-getattr ==> org.libvirt.api.nwfilter-binding.getattr
      org.libvirt.api.nwfilter.binding-read ==> org.libvirt.api.nwfilter-binding.read

    Signed-off-by: John Ferlan <jferlan>
    Reviewed-by: Daniel P. Berrangé <berrange>

$ git describe 6ef65e3c96d5d1f16a16daca83b81b818d461e64
v4.6.0-302-g6ef65e3c96
$

Reproduced with libvirt-4.5.0-6.el7.x86_64.
Verified with libvirt-4.5.0-9.el7.x86_64.

Test steps:

1. Set "access_drivers = [ "polkit" ]" in the libvirtd configure file, and restart libvirtd

# vim /etc/libvirt/libvirtd.conf
log_level=1
log_outputs='1:file:/var/log/libvirt/libvirtd.log'
access_drivers = [ "polkit" ]

# systemctl restart libvirtd

2. Start a guest with nwfilter:

# virsh edit rhel7.6
<interface type='network'>
  <mac address='54:52:00:54:9e:f4'/>
  <source network='default'/>
  <model type='virtio'/>
  <filterref filter='clean-traffic'/>
  <alias name='ua-04c2decd-4e33-4889-84de-a2205c777af7'/>
  <address type='pci' domain='0x0000' bus='0x00' slot='0x0a' function='0x0'/>
</interface>

# virsh start rhel7.6
Domain rhel7.6 started

3. List the nwfilter binding:

# virsh nwfilter-binding-list
 Port Dev                             Filter
------------------------------------------------------------------
 vnet0                                clean-traffic

4. Dump the XML of nwfilter binding:

# virsh nwfilter-binding-dumpxml vnet0
<filterbinding>
  <owner>
    <name>rhel7.6</name>
    <uuid>6753bb03-fbff-4004-82f5-cb2636562246</uuid>
  </owner>
  <portdev name='vnet0'/>
  <mac address='54:52:00:54:9e:f4'/>
  <filterref filter='clean-traffic'>
    <parameter name='MAC' value='54:52:00:54:9e:f4'/>
  </filterref>
</filterbinding>

5. Destroy the guest:

# virsh destroy rhel7.6
Domain rhel7.6 destroyed

6. Check the polkit api in libvirtd.log:

# cat /var/log/libvirt/libvirtd.log | grep -i nwfilter-binding
2018-09-10 07:44:49.473+0000: 5614: debug : virAccessDriverPolkitCheck:138 : Check action 'org.libvirt.api.nwfilter-binding.create' for process '23226' time 43370225 uid 0
2018-09-10 07:44:49.476+0000: 5614: debug : virDBusMessageIterEncode:715 : Appended basic type 'char *' varg 'char *' sig 's' val 'org.libvirt.api.nwfilter-binding.create'
2018-09-10 07:44:49.498+0000: 5614: debug : virFileMakePathHelper:3093 : path=/var/run/libvirt/nwfilter-binding mode=0777
2018-09-10 07:44:59.884+0000: 5622: debug : virAccessDriverPolkitCheck:138 : Check action 'org.libvirt.api.connect.search-nwfilter-bindings' for process '24098' time 43371304 uid 0
2018-09-10 07:44:59.885+0000: 5622: debug : virDBusMessageIterEncode:715 : Appended basic type 'char *' varg 'char *' sig 's' val 'org.libvirt.api.connect.search-nwfilter-bindings'
2018-09-10 07:44:59.886+0000: 5622: debug : virAccessDriverPolkitCheck:138 : Check action 'org.libvirt.api.nwfilter-binding.getattr' for process '24098' time 43371304 uid 0
2018-09-10 07:44:59.886+0000: 5622: debug : virDBusMessageIterEncode:715 : Appended basic type 'char *' varg 'char *' sig 's' val 'org.libvirt.api.nwfilter-binding.getattr'
2018-09-10 07:45:11.544+0000: 5615: debug : virAccessDriverPolkitCheck:138 : Check action 'org.libvirt.api.nwfilter-binding.getattr' for process '24799' time 43372469 uid 0
2018-09-10 07:45:11.544+0000: 5615: debug : virDBusMessageIterEncode:715 : Appended basic type 'char *' varg 'char *' sig 's' val 'org.libvirt.api.nwfilter-binding.getattr'
2018-09-10 07:45:11.551+0000: 5614: debug : virAccessDriverPolkitCheck:138 : Check action 'org.libvirt.api.nwfilter-binding.read' for process '24799' time 43372469 uid 0
2018-09-10 07:45:11.551+0000: 5614: debug : virDBusMessageIterEncode:715 : Appended basic type 'char *' varg 'char *' sig 's' val 'org.libvirt.api.nwfilter-binding.read'
2018-09-10 07:45:24.013+0000: 5616: debug : virAccessDriverPolkitCheck:138 : Check action 'org.libvirt.api.nwfilter-binding.getattr' for process '25569' time 43373694 uid 0
2018-09-10 07:45:24.013+0000: 5616: debug : virDBusMessageIterEncode:715 : Appended basic type 'char *' varg 'char *' sig 's' val 'org.libvirt.api.nwfilter-binding.getattr'
2018-09-10 07:45:24.018+0000: 5616: debug : virAccessDriverPolkitCheck:138 : Check action 'org.libvirt.api.nwfilter-binding.delete' for process '25569' time 43373694 uid 0
2018-09-10 07:45:24.019+0000: 5616: debug : virDBusMessageIterEncode:715 : Appended basic type 'char *' varg 'char *' sig 's' val 'org.libvirt.api.nwfilter-binding.delete'

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:3113
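
An added example, not part of the bug report or of libvirt's code: the step 6 log check turned into an automated comparison between the polkit actions libvirtd asks about and the action ids a policy file registers. The policy fragment, the log sample and the function names are constructed for illustration; the action names and the log line format are the ones quoted above.

```python
import re
import xml.etree.ElementTree as ET

# Constructed polkit policy fragment using the pre-fix action ids quoted in the
# commit message (real policy files also carry descriptions and defaults).
POLICY_BEFORE = """<policyconfig>
  <action id="org.libvirt.api.connect.search-nwfilter-bindings"/>
  <action id="org.libvirt.api.nwfilter.binding-create"/>
  <action id="org.libvirt.api.nwfilter.binding-delete"/>
  <action id="org.libvirt.api.nwfilter.binding-getattr"/>
  <action id="org.libvirt.api.nwfilter.binding-read"/>
</policyconfig>"""
# The same fragment after the rename described in the commit message.
POLICY_AFTER = POLICY_BEFORE.replace("nwfilter.binding-", "nwfilter-binding.")

# Constructed log sample in the libvirtd debug format shown in step 6.
_FMT = ("2018-09-10 07:44:49.473+0000: 5614: debug : virAccessDriverPolkitCheck:138 : "
        "Check action 'org.libvirt.api.{}' for process '23226' time 43370225 uid 0")
SAMPLE_LOG = "\n".join(_FMT.format(a) for a in (
    "nwfilter-binding.create", "connect.search-nwfilter-bindings",
    "nwfilter-binding.getattr", "nwfilter-binding.read", "nwfilter-binding.delete"))

CHECK_RE = re.compile(r"virAccessDriverPolkitCheck:\d+ : Check action '([^']+)'")

def registered_actions(policy_xml):
    """Action ids declared in a polkit policy document."""
    root = ET.fromstring(policy_xml)
    return {a.get("id") for a in root.iter("action") if a.get("id")}

def checked_actions(log_text):
    """Action ids libvirtd asked polkit about, taken from debug log lines."""
    return set(CHECK_RE.findall(log_text))

def unregistered(log_text, policy_xml):
    """Actions that were checked at runtime but have no policy entry."""
    return sorted(checked_actions(log_text) - registered_actions(policy_xml))

if __name__ == "__main__":
    for label, policy in (("before fix", POLICY_BEFORE), ("after fix", POLICY_AFTER)):
        print(label, unregistered(SAMPLE_LOG, policy))
```

Run against a real libvirtd debug log and the installed policy file, a non-empty result points at the same class of mismatch this bug describes: an access check for an action name that polkit has no entry for.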