Bug 1628475
| Summary: | Rpm verify show mode differs for package libvirt-daemon-config-nwfilter when libvirtd is stopped | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux Advanced Virtualization | Reporter: | chhu |
| Component: | libvirt | Assignee: | Jiri Denemark <jdenemar> |
| Status: | CLOSED ERRATA | QA Contact: | yalzhang <yalzhang> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 8.1 | CC: | dyuan, jdenemar, lmen, xuzhang, yalzhang |
| Target Milestone: | rc | ||
| Target Release: | 8.1 | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | libvirt-5.4.0-1.el8 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-11-06 07:12:03 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Patch sent upstream for review: https://www.redhat.com/archives/libvir-list/2019-May/msg00683.html This will be addressed in the next major release. Fixed upstream by
commit f87d5a964f648e78ad95b26a286e2670b0da72e2
Refs: v5.3.0-147-gf87d5a964f
Author: Jiri Denemark <jdenemar>
AuthorDate: Thu May 23 14:31:37 2019 +0200
Commit: Jiri Denemark <jdenemar>
CommitDate: Mon May 27 15:00:11 2019 +0200
spec: Fix permissions of nwfilter XMLs
The nwfilter XML files stored in /etc/libvirt/nwfilter are copied in a
%post scriptlet from /usr/share/libvirt/nwfilter/*.xml. While the files
in /usr/share are created with mode 0644, libvirt creates the files in
/etc/libvirt/nwfilter with mode 0600. Since 0600 is also stored in the
RPM database, we need to chmod the files copied from /usr/share to make
sure RPM verification does not complain about changed permissions.
https://bugzilla.redhat.com/show_bug.cgi?id=1628475
Signed-off-by: Jiri Denemark <jdenemar>
Reviewed-by: Andrea Bolognani <abologna>
Reproduce the bug on 1. Install the libvirt-daemon-config-nwfilter package while the libvirtd service is inactive: (if install the package while the libvirtd is active, the bug can not be reproduced) # rpm -q libvirt-daemon-config-nwfilter package libvirt-daemon-config-nwfilter is not installed # systemctl status libvirtd ... Active: inactive (dead) ... # yum install -y libvirt-daemon-config-nwfilter ... 2. Check the rpm velidate will fail: # rpm -V libvirt-daemon-config-nwfilter .M....... g /etc/libvirt/nwfilter/allow-arp.xml .M....... g /etc/libvirt/nwfilter/allow-dhcp-server.xml .M....... g /etc/libvirt/nwfilter/allow-dhcp.xml .M....... g /etc/libvirt/nwfilter/allow-incoming-ipv4.xml .M....... g /etc/libvirt/nwfilter/allow-ipv4.xml .M....... g /etc/libvirt/nwfilter/clean-traffic-gateway.xml .M....... g /etc/libvirt/nwfilter/clean-traffic.xml .M....... g /etc/libvirt/nwfilter/no-arp-ip-spoofing.xml .M....... g /etc/libvirt/nwfilter/no-arp-mac-spoofing.xml .M....... g /etc/libvirt/nwfilter/no-arp-spoofing.xml .M....... g /etc/libvirt/nwfilter/no-ip-multicast.xml .M....... g /etc/libvirt/nwfilter/no-ip-spoofing.xml .M....... g /etc/libvirt/nwfilter/no-mac-broadcast.xml .M....... g /etc/libvirt/nwfilter/no-mac-spoofing.xml .M....... g /etc/libvirt/nwfilter/no-other-l2-traffic.xml .M....... g /etc/libvirt/nwfilter/no-other-rarp-traffic.xml .M....... g /etc/libvirt/nwfilter/qemu-announce-self-rarp.xml .M....... g /etc/libvirt/nwfilter/qemu-announce-self.xml Verify the bug on libvirt-daemon-config-nwfilter-5.4.0-2.module+el8.1.0+3523+b348b848.x86_64: 1. Stop the libvirtd service; 2. Install the package libvirt-daemon-config-nwfilter; 3. Check by "rpm -V" # rpm -V libvirt-daemon-config-nwfilter ==> no outputs # echo $? 0 4. Also check the scenario: when install the package while libvirtd is active, validate pass, the result is as expected, too. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:3723 |
Description of problem: Rpm verify show mode differs for package libvirt-daemon-config-nwfilter when libvirtd is stopped Version-Release number of selected component (if applicable): libvirt-daemon-config-nwfilter-4.5.0-9.el7.x86_64 How reproducible: 100% Tested with packages: libvirt-daemon-config-nwfilter-4.5.0-9.el7.x86_64 rpm-4.11.3-35.el7.x86_64 Test steps: 1. Install the libvirt-daemon-config-nwfilter package, then do rpm verify, all xml files will show mode differs # rpm -V libvirt-daemon-config-nwfilter-4.5.0-9.el7.x86_64 .M....... g /etc/libvirt/nwfilter/allow-arp.xml .M....... g /etc/libvirt/nwfilter/allow-dhcp-server.xml .M....... g /etc/libvirt/nwfilter/allow-dhcp.xml .M....... g /etc/libvirt/nwfilter/allow-incoming-ipv4.xml .M....... g /etc/libvirt/nwfilter/allow-ipv4.xml .M....... g /etc/libvirt/nwfilter/clean-traffic-gateway.xml .M....... g /etc/libvirt/nwfilter/clean-traffic.xml .M....... g /etc/libvirt/nwfilter/no-arp-ip-spoofing.xml .M....... g /etc/libvirt/nwfilter/no-arp-mac-spoofing.xml .M....... g /etc/libvirt/nwfilter/no-arp-spoofing.xml .M....... g /etc/libvirt/nwfilter/no-ip-multicast.xml .M....... g /etc/libvirt/nwfilter/no-ip-spoofing.xml .M....... g /etc/libvirt/nwfilter/no-mac-broadcast.xml .M....... g /etc/libvirt/nwfilter/no-mac-spoofing.xml .M....... g /etc/libvirt/nwfilter/no-other-l2-traffic.xml .M....... g /etc/libvirt/nwfilter/no-other-rarp-traffic.xml .M....... g /etc/libvirt/nwfilter/qemu-announce-self-rarp.xml .M....... g /etc/libvirt/nwfilter/qemu-announce-self.xml # ll -Z /etc/libvirt/nwfilter/allow-arp.xml -rw-r--r--. root root unconfined_u:object_r:virt_etc_rw_t:s0 /etc/libvirt/nwfilter/allow-arp.xml # rpm -qa|grep rpm rpm-4.11.3-35.el7.x86_64 2. Check the libvirtd status, it's stopped. # service libvirtd status Redirecting to /bin/systemctl status libvirtd.service ● libvirtd.service - Virtualization daemon Loaded: loaded (/usr/lib/systemd/system/libvirtd.service; enabled; vendor preset: enabled) Active: inactive (dead) Docs: man:libvirtd(8) https://libvirt.org Actual results: The rpm verify fail Expected results: The rpm verify pass