Bug 2156523
| Summary: | For disk hot-plug, RAWIO is not set actually | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 9 | Reporter: | Han Han <hhan> |
| Component: | libvirt | Assignee: | Virtualization Maintenance <virt-maint> |
| libvirt sub component: | General | QA Contact: | Han Han <hhan> |
| Status: | CLOSED MIGRATED | Docs Contact: | |
| Severity: | low | ||
| Priority: | low | CC: | jsuchane, lmen, mprivozn, virt-maint, yisun |
| Version: | 9.2 | Keywords: | MigratedToJIRA, Triaged |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Last Closed: | 2023-07-07 21:19:27 UTC | Type: | Bug |
The same issue for hostdev@rawio:
```
<hostdev mode='subsystem' type='scsi' rawio='yes'>
  <source>
    <adapter name='scsi_host2'/>
    <address bus='0' target='0' unit='0'/>
  </source>
  <readonly/>
</hostdev>
```
I'm not sure this is a solvable issue. I mean, once QEMU permissions are dropped there's not a mechanism that would allow us to enable it in QEMU again. It would require us to not drop CAP_SYS_RAWIO from the bounding set and then notify QEMU to try and promote the capability. But yeah, QEMU knows nothing about its capabilities. In other words, we may as well deny hotplugging if QEMU was started without the capability.
Description of problem:
As subject

Version-Release number of selected component (if applicable):
qemu-kvm-7.2.0-2.el9.x86_64
kernel-5.14.0-207.el9.x86_64
libvirt-8.10.0-2.el9.x86_64

How reproducible:

Steps to Reproduce:
1. Start a VM

```
➜ ~ virsh list
 Id   Name       State
--------------------------
 4    rhel-9.2   running
```

2. Attach a disk with rawio='yes', then check the capabilities of the qemu-kvm process and its threads

```
➜ ~ virsh attach-device rhel-9.2 ./rawio.xml
Device attached successfully

➜ ~ cat rawio.xml
<disk type='block' device='lun' rawio='yes'>
  <driver name='qemu' type='raw'/>
  <source dev='/dev/sda'/>
  <target dev='sda' bus='scsi'/>
  <address type='drive' controller='0' bus='0' target='0' unit='0'/>
</disk>

➜ ~ getpcaps `pidof qemu-kvm`
439898: =

➜ ~ for i in $(ps -T -p `pidof qemu-kvm`|awk 'NR!=1{print $2}');do getpcaps $i;done
439898: =
439917: =
439921: =
439922: =
439924: =
```

Actual results:
As above

Expected results:
- Disallow hot-plug with rawio='yes'
- Or support to set/unset the RAWIO capabilities for qemu-kvm process or its threads. Expect the results like starting VM with rawio='yes':

```
➜ ~ getpcaps `pidof qemu-kvm`
440300: cap_sys_rawio=eip

➜ ~ for i in $(ps -T -p `pidof qemu-kvm`|awk 'NR!=1{print $2}');do getpcaps $i;done
440300: cap_sys_rawio=eip
440315: cap_sys_rawio=eip
440319: cap_sys_rawio=eip
440320: cap_sys_rawio=eip
440323: cap_sys_rawio=eip
```

Additional info:
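Added example, not part of the bug report and not libvirt code: a shell pre-flight check that reads the Cap* masks from /proc for every thread of a process and reports a mismatch when a device XML asks for rawio='yes' but a thread has no effective CAP_SYS_RAWIO. The function names and the sample masks are constructed for illustration; 17 is the kernel's bit number for CAP_SYS_RAWIO.

```shell
#!/bin/sh
# Added example: pre-flight check before hot-plugging a device with rawio='yes'.
CAP_SYS_RAWIO=17   # bit number of CAP_SYS_RAWIO in <linux/capability.h>

# Constructed Cap* lines as found in /proc/<pid>/task/<tid>/status.
SAMPLE_DROPPED='CapPrm: 0000000000000000
CapEff: 0000000000000000
CapBnd: 0000000000000000'
SAMPLE_RAWIO='CapPrm: 0000000000020000
CapEff: 0000000000020000
CapBnd: 0000000000020000'

# rawio_state STATUS_TEXT: print "prm=N eff=N bnd=N", N=1 when bit 17 is set.
rawio_state() {
    prm=0; eff=0; bnd=0
    while read -r key val rest; do
        case $key in
            CapPrm:) prm=$(( (0x$val >> $CAP_SYS_RAWIO) & 1 )) ;;
            CapEff:) eff=$(( (0x$val >> $CAP_SYS_RAWIO) & 1 )) ;;
            CapBnd:) bnd=$(( (0x$val >> $CAP_SYS_RAWIO) & 1 )) ;;
        esac
    done <<EOF
$1
EOF
    echo "prm=$prm eff=$eff bnd=$bnd"
}

# xml_wants_rawio XML_TEXT: succeed if a <disk> or <hostdev> tag has rawio='yes'
# (text match on the start tag, not a full XML parse).
xml_wants_rawio() {
    printf '%s\n' "$1" | tr '\n' ' ' |
        grep -Eq "<(disk|hostdev)[^>]*rawio=['\"]yes['\"]"
}

# preflight XML_TEXT PID: print "ok", or "mismatch tid=<tid> <state>" for the
# first thread of PID that lacks an effective CAP_SYS_RAWIO.
preflight() {
    xml_wants_rawio "$1" || { echo ok; return 0; }
    seen=0
    for st in /proc/"$2"/task/*/status; do
        txt=$(cat "$st" 2>/dev/null) || continue   # thread gone or no such PID
        seen=1; state=$(rawio_state "$txt")
        case $state in *eff=1*) continue ;; esac
        tid=${st%/status}; echo "mismatch tid=${tid##*/} $state"; return 1
    done
    [ "$seen" = 1 ] && echo ok || { echo "no such process: $2"; return 2; }
}
```

On a host, `preflight "$(cat rawio.xml)" "$(pidof qemu-kvm)"` gives the same answer as the `getpcaps` loop in the report, plus the bounding-set bit that the comment above refers to.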