Bug 1780154

Summary: Don't clear XATTRs on failed start
Product: Red Hat Enterprise Linux Advanced Virtualization Reporter: Michal Privoznik <mprivozn>
Component: libvirtAssignee: Michal Privoznik <mprivozn>
Status: CLOSED ERRATA QA Contact: yafu <yafu>
Severity: high Docs Contact:
Priority: high    
Version: 8.1CC: chhu, david.abdurachmanov, fjin, hhan, jdenemar, jsuchane, lhuang, lmen, mprivozn, mtessun, rbalakri, toneata, xuzhang, yafu
Target Milestone: rcKeywords: Regression, Upstream
Target Release: 8.0   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: libvirt-6.0.0-1.el8 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1771500 Environment:
Last Closed: 2020-05-05 09:52:05 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1740024, 1771500    
Bug Blocks: 1652078    

Description Michal Privoznik 2019-12-05 14:08:11 UTC 
+++ This bug was initially created as a clone of Bug #1771500 +++

--- Additional comment from yafu on 2019-12-04 04:22:04 CET ---

Hi  Michal,

The xattr was cleared when trying to start the second vm using same disk with libvirt-5.6.0-6.2.x86_64. And it works well with libvirt-5.6.0-6.1.x86_64.
Could you help to check the issue please?
Thanks.

Test steps:
1.# virsh start vm1
Domain vm1 started

2.# getfattr -m trusted.libvirt.security -d /var/lib/libvirt/images/test.qcow2
getfattr: Removing leading '/' from absolute path names
# file: var/lib/libvirt/images/test.qcow2
trusted.libvirt.security.dac="+0:+0"
trusted.libvirt.security.ref_dac="1"
trusted.libvirt.security.ref_selinux="1"
trusted.libvirt.security.selinux="system_u:object_r:virt_image_t:s0"
trusted.libvirt.security.timestamp_dac="1574640796"
trusted.libvirt.security.timestamp_selinux="1574640796"

3.Start another guest using /var/lib/libvirt/images/test.qcow2:
# virsh start vm2
error: Failed to start domain vm2
error: internal error: child reported (status=125): Requested operation is not valid: Setting different SELinux label on /var/lib/libvirt/images/test.qcow2 which is already in use

4.The xattr was cleared after step3:
# getfattr -m trusted.libvirt.security -d /var/lib/libvirt/images/test.qcow2
no output

--- Additional comment from Michal Privoznik on 2019-12-04 17:42:14 CET ---

Yes, this is a bug in the patch I've pushed. Proposing the fix here:

https://www.redhat.com/archives/libvir-list/2019-December/msg00246.html

--- Additional comment from Michal Privoznik on 2019-12-05 15:03:33 CET ---

Actually, I've talked to lmen and we agreed that the fix from comment 10 will be in a separate bug. So I'm moving this bug over to QA and will clone this one shortly.
Comment 1 Michal Privoznik 2019-12-05 14:10:23 UTC 
I've merged the fix:

516b867685 qemuProcessStop: Remove image metadata only when allowed

v5.10.0-64-g516b867685
Comment 3 yafu 2020-01-19 08:46:39 UTC 
Verified with libvirt-daemon-6.0.0-1.module+el8.2.0+5453+31b2b136.x86_64.

Test steps:
1.# virsh start vm1
Domain vm1 started

2.#getfattr -m trusted.libvirt.security -d /var/lib/libvirt/images/test1.qcow2 
getfattr: Removing leading '/' from absolute path names
# file: var/lib/libvirt/images/test1.qcow2
trusted.libvirt.security.dac="+0:+0"
trusted.libvirt.security.ref_dac="1"
trusted.libvirt.security.ref_selinux="1"
trusted.libvirt.security.selinux="unconfined_u:object_r:virt_image_t:s0"
trusted.libvirt.security.timestamp_dac="1578622766"
trusted.libvirt.security.timestamp_selinux="1578622766"

3.Start another guest using /var/lib/libvirt/images/test1.qcow2:
# virsh start vm2
error: Failed to start domain vm2
error: internal error: child reported (status=125): Requested operation is not valid: Setting different SELinux label on /var/lib/libvirt/images/test1.qcow2 which is already in use

4.#  getfattr -m trusted.libvirt.security -d /var/lib/libvirt/images/test1.qcow2 
getfattr: Removing leading '/' from absolute path names
# file: var/lib/libvirt/images/test1.qcow2
trusted.libvirt.security.dac="+0:+0"
trusted.libvirt.security.ref_dac="1"
trusted.libvirt.security.ref_selinux="1"
trusted.libvirt.security.selinux="unconfined_u:object_r:virt_image_t:s0"
trusted.libvirt.security.timestamp_dac="1578622766"
trusted.libvirt.security.timestamp_selinux="1578622766"

5.Destroy guest vm1:
#virsh destroy vm1

6.Start guest vm1:
#virsh start vm1

7.#  getfattr -m trusted.libvirt.security -d /var/lib/libvirt/images/test1.qcow2 
getfattr: Removing leading '/' from absolute path names
# file: var/lib/libvirt/images/test1.qcow2
trusted.libvirt.security.dac="+0:+0"
trusted.libvirt.security.ref_dac="1"
trusted.libvirt.security.ref_selinux="1"
trusted.libvirt.security.selinux="unconfined_u:object_r:virt_image_t:s0"
trusted.libvirt.security.timestamp_dac="1578622766"
trusted.libvirt.security.timestamp_selinux="1578622766"
Comment 5 errata-xmlrpc 2020-05-05 09:52:05 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:2017