Bug 2121972
Summary: | [virtiofs] Input/output error when creating file on host directly and then access it from guest with SELinux support enabled | | |
---|---|---|---|
Product: | Red Hat Enterprise Linux 9 | Reporter: | xiagao |
Component: | virtiofsd | Assignee: | German Maglione <gmaglione> |
Status: | CLOSED ERRATA | QA Contact: | xiagao |
Severity: | medium | Docs Contact: | |
Priority: | medium | | |
Version: | 9.1 | CC: | coli, gmaglione, jinzhao, juzhang, kwolf, lijin, qizhu, vgoyal, virt-maint |
Target Milestone: | rc | Keywords: | Triaged |
Target Release: | --- | | |
Hardware: | x86_64 | | |
OS: | Linux | | |
Whiteboard: | | | |
Fixed In Version: | virtiofsd-1.5.0-1.el9 | Doc Type: | If docs needed, set a value |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2023-05-09 07:46:45 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Bug Depends On: | 2123070 | | |
Bug Blocks: | | | |
Description
xiagao
2022-08-28 00:12:30 UTC
Changed component to virtiofsd as this is a virtiofsd (Rust) issue and not a qemu-kvm issue.

Just a clarification, this bug is related to how we handle an empty list of xattr names in listxattr. It shows up here because of the mapping of security.selinux. You can also test it using the following script on a file without any xattr:

```python
#!/usr/bin/env python
import os
import sys

# Require the path of the file to inspect.
if len(sys.argv) < 2:
    print(f"Usage: {sys.argv[0]} <file name>")
    sys.exit(1)

# List the extended attribute names; a file without xattrs yields an empty list.
xattrs = os.listxattr(sys.argv[1])
for a in xattrs:
    print(a)
```

Getting the shared folder's extended attributes also failed with the same error. I thought they are the same issue.

Steps:

1. Enable SELinux in guest and host.
2. Start virtiofsd with --security-label.

```
/usr/libexec/virtiofsd \
    --socket-path=/var/tmp/avocado_2bv4m51f/avocado-vt-vm1-fs-virtiofsd.sock \
    -o source=/root/avocado/data/avocado-vt/virtio_fs_test/ \
    --xattr --security-label \
    -o xattrmap=:map:security.selinux:trusted.virtiofsd.: \
    --modcaps=+sys_admin -o sandbox=chroot
```

3. Start vm and mount virtiofs.
4. Try to get the extended attributes of the shared folder, but get input/output error.

```
[root@bootp-73-75-179 ~]# getfattr -d -m - /mnt/myfs/
/mnt/myfs/: Input/output error
```

(In reply to xiagao from comment #5)
> Getting the shared folder's extended attributes also failed with the same
> error.
> I thought they are the same issue.
>
> Steps:
> 1. Enable SELinux in guest and host.
> 2. Start virtiofsd with --security-label.
>
> /usr/libexec/virtiofsd
> --socket-path=/var/tmp/avocado_2bv4m51f/avocado-vt-vm1-fs-virtiofsd.sock -o
> source=/root/avocado/data/avocado-vt/virtio_fs_test/ --xattr
> --security-label -o xattrmap=:map:security.selinux:trusted.virtiofsd.:
> --modcaps=+sys_admin -o sandbox=chroot
>
> 3. Start vm and mount virtiofs.
>
> 4. Try to get the extended attributes of the shared folder, but get
> input/output error.
> [root@bootp-73-75-179 ~]# getfattr -d -m - /mnt/myfs/
> /mnt/myfs/: Input/output error

I tested, I cannot reproduce using the latest version that includes the listxattr fix. So, this issue also will be fixed with the next version rebase.

Hi German

I see this bug is posted, could you pls set DTM for this bug?

Thanks,
Xiaoling

Test pass with the fixed virtiofsd version, there is no input/output error info, so set Verified status of this bug.

```
[root@bootp-73-75-32 mnt]# getfattr -d -m - mm
[root@bootp-73-75-32 mnt]#
[root@bootp-73-75-32 mm]# getfattr -m '' b
[root@bootp-73-75-32 mm]#
```

pkg:
virtiofsd-1.5.0-1.el9.x86_64
qemu-kvm-7.2.0-1.el9
5.14.0-219.el9.x86_64(host)
5.14.0-226.el9.x86_64(guest)

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory (virtiofsd bug fix and enhancement update), and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2023:2334
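A regression check for the symptom reported in this bug, as an added example that is not part of the original report or of the virtiofsd project: it extends the single-file test script from the thread to scan a whole virtiofs mount from inside the guest and separate a valid empty xattr list from an `Input/output error`. The names `check_listxattr` and `scan` and the injectable `listxattr` parameter are assumptions made for illustration.

```python
#!/usr/bin/env python3
import errno
import os
import sys


def check_listxattr(path, listxattr=os.listxattr):
    """Classify listxattr() on path as 'ok', 'empty', 'eio' or 'error:<NAME>'."""
    try:
        names = listxattr(path, follow_symlinks=False)
    except OSError as exc:
        if exc.errno == errno.EIO:
            return "eio", []  # the symptom reported in this bug
        return "error:" + errno.errorcode.get(exc.errno, str(exc.errno)), []
    # An empty list is a valid answer (file without visible xattrs), not a failure.
    return ("ok" if names else "empty"), names


def scan(root, listxattr=os.listxattr):
    """Check root and every entry below it; return {path: status}."""
    results = {root: check_listxattr(root, listxattr)[0]}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            results[full] = check_listxattr(full, listxattr)[0]
    return results


def main(argv):
    if len(argv) < 2:
        print(f"Usage: {argv[0]} <mount point>")
        return 2
    results = scan(argv[1])
    failed = {p: s for p, s in results.items() if s not in ("ok", "empty")}
    for path, status in sorted(failed.items()):
        print(f"{status}\t{path}")
    print(f"{len(results)} paths checked, {len(failed)} failed")
    return 1 if failed else 0  # non-zero exit lets a test job fail on EIO


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it in the guest against the mount point, including files created directly on the host; a build with the listxattr fix should report zero failed paths.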