Bug 1769196
| Summary: | Security context of swtpm.log isn't restored after destroy vm if restart libvirtd while vm running | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux Advanced Virtualization | Reporter: | Yanqiu Zhang <yanqzhan> |
| Component: | libvirt | Assignee: | Michal Privoznik <mprivozn> |
| Status: | CLOSED ERRATA | QA Contact: | Yanqiu Zhang <yanqzhan> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | 8.1 | CC: | chhu, dyuan, fjin, jdenemar, knoel, lhuang, lizhu, lmen, xuzhang, yafu, yanqzhan |
| Target Milestone: | rc | Keywords: | Triaged, Upstream |
| Target Release: | 8.0 | | |
| Hardware: | x86_64 | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | libvirt-7.3.0-1.el8 | Doc Type: | If docs needed, set a value |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2021-11-16 07:49:54 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | 7.2.0 |
| Embargoed: | | | |
| Bug Depends On: | | | |
| Bug Blocks: | 1897025 | | |
| Attachments: | | | |

Description
Yanqiu Zhang
2019-11-06 06:14:39 UTC
Created attachment 1633189 [details]
libvirtd_qemu_logs
Patch proposed upstream:
https://listman.redhat.com/archives/libvir-list/2021-March/msg00030.html

Fixed upstream as:

    25ebb45a81 qemu_tpm: Generate log file path among with storage path
    f9cd29a2e4 qemu_tpm: Move logfile path generation into a separate function

v7.1.0-31-g25ebb45a81

Verified on:

    libvirt-daemon-7.4.0-1.module+el8.5.0+11218+83343022.x86_64
    qemu-kvm-6.0.0-17.module+el8.5.0+11173+c9fce0bb.x86_64

Steps:

    # virsh start vm-uefi
    Domain 'vm-uefi' started

    <tpm model='tpm-crb'>
      <backend type='emulator' version='2.0'/>
    </tpm>

    # ps aux|grep swtpm
    tss 2571 0.1 0.0 23568 3504 ? Ss 23:31 0:00 /usr/bin/swtpm socket --daemon --ctrl type=unixio,path=/run/libvirt/qemu/swtpm/1-vm-uefi-swtpm.sock,mode=0600 --tpmstate dir=/var/lib/libvirt/swtpm/bc038221-2b87-4248-b8f2-9f04d29e3285/tpm2,mode=0600 --log file=/var/log/swtpm/libvirt/qemu/vm-uefi-swtpm.log --tpm2 --pid file=/run/libvirt/qemu/swtpm/1-vm-uefi-swtpm.pid

    # ll -Z /var/log/swtpm/libvirt/qemu/vm-uefi-swtpm.log
    -rw-r--r--. 1 tss tss system_u:object_r:svirt_image_t:s0:c357,c483 3379 Jun 2 23:25 /var/log/swtpm/libvirt/qemu/vm-uefi-swtpm.log

    # getfattr -m trusted.libvirt.security -d /var/log/swtpm/libvirt/qemu/vm-uefi-swtpm.log
    getfattr: Removing leading '/' from absolute path names
    # file: var/log/swtpm/libvirt/qemu/vm-uefi-swtpm.log
    trusted.libvirt.security.ref_selinux="1"
    trusted.libvirt.security.selinux="system_u:object_r:virt_log_t:s0"
    trusted.libvirt.security.timestamp_selinux="1622676624"

    #systemctl restart libvirtd

No change for above 3 checkpoints.

    # virsh destroy vm-uefi
    Domain 'vm-uefi' destroyed

    # ps aux|grep swtpm
    (nothing)

    # ll -Z /var/log/swtpm/libvirt/qemu/vm-uefi-swtpm.log
    -rw-r--r--. 1 tss tss system_u:object_r:virt_log_t:s0 3379 Jun 2 23:25 /var/log/swtpm/libvirt/qemu/vm-uefi-swtpm.log

    # getfattr -m trusted.libvirt.security -d /var/log/swtpm/libvirt/qemu/vm-uefi-swtpm.log
    (nothing)

    # virsh start vm-uefi
    Domain 'vm-uefi' started

Login into guest, tpm device works well.

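The two post-destroy checks from the verification steps above (`ll -Z` and `getfattr`) can be turned into a pass/fail test. This is an added example, not part of the bug report or of libvirt; the function names are hypothetical, the default expected type `virt_log_t` is taken from the transcript, and the sample lines are copied from it.

```shell
#!/bin/sh
# Added example: decide from `ls -lZ` and `getfattr` output whether the swtpm
# log label was restored after the domain stopped. Names are hypothetical.

# Print the SELinux context (user:role:type:level) found in one `ls -lZ` line.
selinux_context() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i <= NF; i++)
            if ($i ~ /^[^:]+:[^:]+:[^:]+:s[0-9]/) { print $i; exit }
    }'
}

# Return 0 when the file looks restored: expected type, no per-domain MCS
# categories, no remembered-label xattrs left. 1 = stale, 2 = no label found.
label_restored() {
    ctx=$(selinux_context "$1")
    xattrs=$2
    want_type=${3:-virt_log_t}
    [ -n "$ctx" ] || return 2
    setype=$(printf '%s' "$ctx" | cut -d: -f3)
    level=$(printf '%s' "$ctx" | cut -d: -f4-)
    [ "$setype" = "$want_type" ] || return 1
    case $level in *:c*) return 1 ;; esac   # e.g. s0:c357,c483
    if printf '%s\n' "$xattrs" | grep -q '^trusted\.libvirt\.security\.'; then
        return 1
    fi
    return 0
}

# Sample input copied from the transcript above (running domain, then destroyed).
RUNNING_LS='-rw-r--r--. 1 tss tss system_u:object_r:svirt_image_t:s0:c357,c483 3379 Jun 2 23:25 /var/log/swtpm/libvirt/qemu/vm-uefi-swtpm.log'
RUNNING_XATTRS='trusted.libvirt.security.ref_selinux="1"
trusted.libvirt.security.selinux="system_u:object_r:virt_log_t:s0"
trusted.libvirt.security.timestamp_selinux="1622676624"'
STOPPED_LS='-rw-r--r--. 1 tss tss system_u:object_r:virt_log_t:s0 3379 Jun 2 23:25 /var/log/swtpm/libvirt/qemu/vm-uefi-swtpm.log'

if label_restored "$STOPPED_LS" ""; then
    echo "after destroy: label restored"
fi
if ! label_restored "$RUNNING_LS" "$RUNNING_XATTRS"; then
    echo "running-state label and xattrs on a stopped domain would be flagged as stale"
fi
```

On a live host, pass `$(ls -lZ "$f")` and `$(getfattr -m trusted.libvirt.security -d "$f" 2>/dev/null)` as the two arguments; reading `trusted.*` attributes requires root.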
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory (virt:av bug fix and enhancement update), and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:4684