Bug 1983965

Summary: libvirt doesn't relabel sockets in nbd: backing URLs on rhel9
Product: Red Hat Enterprise Linux 9 Reporter: mxie <mxie>
Component: libguestfsAssignee: Virtualization Maintenance <virt-maint>
Status: CLOSED DUPLICATE QA Contact: Virtualization Bugs <virt-bugs>
Severity: medium Docs Contact:
Priority: medium    
Version: 9.0CC: chhu, juzhou, kkiwi, mzhan, rjones, tyan, tzheng, virt-maint, vwu, xiaodwan
Target Milestone: beta   
Target Release: ---   
Hardware: x86_64   
OS: Unspecified   
Whiteboard: V2V_OSP_INT
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-07-21 06:07:16 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
rhel9-v2v-openstack-enable-selinux-without-vddk.log none

Description mxie@redhat.com 2021-07-20 09:59:58 UTC 
Created attachment 1803587 [details]
rhel9-v2v-openstack-enable-selinux-without-vddk.log

This bug was initially created as a copy of Bug #1983957

Description of problem
libvirt doesn't relabel sockets in nbd: backing URLs on rhel9

Version-Release number of selected component (if applicable):
virt-v2v-1.45.2-1.el9.x86_64
libguestfs-1.45.6-9.el9.x86_64
guestfs-tools-1.46.1-3.el9.1.x86_64
libvirt-libs-7.4.0-1.el9.x86_64
qemu-kvm-common-6.0.0-8.el9.x86_64
nbdkit-1.26.2-1.el9.x86_64

How reproducible:
100%

Steps to Reproduce:
1. Prepare a rhel9 instance which has installed virt-v2v on OSP16.2 environment, we called the instance as 'v2v conversion appliance', enable selinux on 'v2v conversion appliance'
# getenforce
Enforcing

2. Convert a guest from vmware to openstack by virt-v2v with vddk
# virt-v2v -ic vpx://root.73.141/data/10.73.75.219/?no_verify=1 -it vddk -io vddk-libdir=/home/vddk7.0.2 -io vddk-thumbprint=1F:97:34:5F:B6:C2:BA:66:46:CB:1A:71:76:7D:6B:50:1E:03:00:EA -o openstack -oo server-id=v2v-appliance-rhel9_0 -oo guest-id=12345678-1234-1234-1234-123456789123  esx7.0-rhel8.4-x86_64 -ip /home/passwd
/usr/lib/python3.9/site-packages/secretstorage/dhcrypto.py:16: CryptographyDeprecationWarning: int_from_bytes is deprecated, use int.from_bytes instead
  from cryptography.utils import int_from_bytes
/usr/lib/python3.9/site-packages/secretstorage/util.py:25: CryptographyDeprecationWarning: int_from_bytes is deprecated, use int.from_bytes instead
  from cryptography.utils import int_from_bytes
[   1.9] Opening the source -i libvirt -ic vpx://root.73.141/data/10.73.75.219/?no_verify=1 esx7.0-rhel8.4-x86_64 -it vddk  -io vddk-libdir=/home/vddk7.0.2 -io vddk-thumbprint=1F:97:34:5F:B6:C2:BA:66:46:CB:1A:71:76:7D:6B:50:1E:03:00:EA
[   3.8] Creating an overlay to protect the source from being modified
[   4.7] Opening the overlay
virt-v2v: error: libguestfs error: could not create appliance through 
libvirt.

Try running qemu directly without libvirt using this environment variable:
export LIBGUESTFS_BACKEND=direct

Original error from libvirt: can't connect to virtlogd: Unable to open 
system token /run/libvirt/common/system.token: Permission denied [code=38 
int1=13]

If reporting bugs, run virt-v2v with debugging enabled and include the 
complete output:

  virt-v2v -v -x [...]



3.Convert a guest from vmware to openstack by virt-v2v without vddk
# virt-v2v -ic vpx://root.73.141/data/10.73.75.219/?no_verify=1 -o openstack -oo server-id=v2v-appliance-rhel9_0 -oo guest-id=12345678-1234-1234-1234-123456789123  esx7.0-rhel8.4-x86_64 -ip /home/passwd
/usr/lib/python3.9/site-packages/secretstorage/dhcrypto.py:16: CryptographyDeprecationWarning: int_from_bytes is deprecated, use int.from_bytes instead
  from cryptography.utils import int_from_bytes
/usr/lib/python3.9/site-packages/secretstorage/util.py:25: CryptographyDeprecationWarning: int_from_bytes is deprecated, use int.from_bytes instead
  from cryptography.utils import int_from_bytes
[   1.9] Opening the source -i libvirt -ic vpx://root.73.141/data/10.73.75.219/?no_verify=1 esx7.0-rhel8.4-x86_64
[   4.3] Creating an overlay to protect the source from being modified
[   5.4] Opening the overlay
virt-v2v: error: libguestfs error: could not create appliance through 
libvirt.

Try running qemu directly without libvirt using this environment variable:
export LIBGUESTFS_BACKEND=direct

Original error from libvirt: can't connect to virtlogd: Unable to open 
system token /run/libvirt/common/system.token: Permission denied [code=38 
int1=13]

If reporting bugs, run virt-v2v with debugging enabled and include the 
complete output:

  virt-v2v -v -x [...]




Actual results:
As above description


Expected results:
Not set environment variable "export LIBGUESTFS_BACKEND=direct" during virt-v2v openstack conversion if selinux is enabled

Additional info:
The bug has been fixed in bug1698437 for rhel7
Comment 2 Richard W.M. Jones 2021-07-20 10:12:48 UTC 
> can't connect to virtlogd: Unable to open system token /run/libvirt/common/system.token: Permission denied

I think this is the same as
https://bugzilla.redhat.com/show_bug.cgi?id=1983957#c1
Comment 3 mxie@redhat.com 2021-07-21 06:07:16 UTC 

*** This bug has been marked as a duplicate of bug 1969209 ***