Bug 2174447

Summary: Logs are spammed with ' Domain id=7 is tainted: custom-ga-command' message
Product: Red Hat Enterprise Linux 8 Reporter: Peter Krempa <pkrempa>
Component: libvirtAssignee: Peter Krempa <pkrempa>
Status: CLOSED ERRATA QA Contact: Lili Zhu <lizhu>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 8.4CC: jdenemar, jsuchane, lmen, pgm-rhel-tools, virt-bugs, virt-maint, ymankad
Target Milestone: rcKeywords: Triaged, ZStream
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: libvirt-8.0.0-20.module+el8.9.0+18894+a91bbb94 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 2174446
: 2176898 2180030 2180031 2180032 (view as bug list) Environment:
Last Closed: 2023-11-14 15:33:25 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2174446    
Bug Blocks: 2176898, 2180030, 2180031, 2180032    

Description Peter Krempa 2023-03-01 16:19:48 UTC 
+++ This bug was initially created as a clone of Bug #2174446 +++

Description of problem:
When a management APP is using agent command passhthrough the logs are spammed with:

 Domain id=7 is tainted: custom-ga-command

over and over again.

Version-Release number of selected component (if applicable):
introduced in libvirt 7.1

How reproducible:
always

Steps to Reproduce:
1. Start VM
2. repeatedly invoke command such as:
$ virsh qemu-agent-command ha '{"execute":"guest-get-vcpus"}'

3. observe logs being spammed

Actual results:


Expected results:


Additional info:
Comment 6 Lili Zhu 2023-03-16 07:57:18 UTC 
Verify this bug with:
libvirt-8.0.0-19.module+el8.8.0+18370+e5872f90.x86_64

1. prepare a guest with guest agent
# virsh domtime vm1
Time: 1678521142

2. check the dominfo
# virsh dominfo vm1
Id:             2
Name:           vm1
UUID:           ba63a682-90de-4816-a527-25d2ed542311
OS Type:        hvm
State:          running
CPU(s):         2
CPU time:       2.5s
Max memory:     3145728 KiB
Used memory:    3145728 KiB
Persistent:     yes
Autostart:      disable
Managed save:   no
Security model: selinux
Security DOI:   0
Security label: system_u:system_r:svirt_t:s0:c339,c702 (enforcing)

3. check the some info about guest using qemu-agent-command
# virsh qemu-agent-command vm1 '{"execute":"guest-get-fsinfo"}'
{"return":[{"name":"vda1","total-bytes":1063256064,

4. check the dominfo again
# virsh dominfo vm1
Id:             2
Name:           vm1
UUID:           ba63a682-90de-4816-a527-25d2ed542311
OS Type:        hvm
State:          running
CPU(s):         2
CPU time:       32.7s
Max memory:     3145728 KiB
Used memory:    3145728 KiB
Persistent:     yes
Autostart:      disable
Managed save:   no
Security model: selinux
Security DOI:   0
Security label: system_u:system_r:svirt_t:s0:c339,c702 (enforcing)
Messages:       tainted: custom guest agent control commands issued

5. check the log
1327:2023-03-16 07:49:38.592+0000: 55730: warning : qemuDomainObjTaintMsg:6401 : Domain id=2 name='vm1' uuid=ba63a682-90de-4816-a527-25d2ed542311 is tainted: custom-ga-command
1329:2023-03-16 07:49:38.592+0000: 55730: debug : qemuDomainLogAppendMessage:6766 : Append log message (vm='vm1' message='2023-03-16 07:49:38.592+0000: Domain id=2 is tainted: custom-ga-command

6. repeat step 2 for 100 times
# for i in {1..100}; do virsh qemu-agent-command vm1 '{"execute":"guest-get-fsinfo"}'; done
....

7. check the log again
# grep -ni tainted /var/log/libvirt/libvirtd.log 
1327:2023-03-16 07:49:38.592+0000: 55730: warning : qemuDomainObjTaintMsg:6401 : Domain id=2 name='vm1' uuid=ba63a682-90de-4816-a527-25d2ed542311 is tainted: custom-ga-command
1329:2023-03-16 07:49:38.592+0000: 55730: debug : qemuDomainLogAppendMessage:6766 : Append log message (vm='vm1' message='2023-03-16 07:49:38.592+0000: Domain id=2 is tainted: custom-ga-command

(The tainted message is printed when invoking guest-agent-command for the first time. And no new logs about tainted messages printed for the later invoking, logs are not spammed)
Comment 12 Peter Krempa 2023-03-20 12:37:12 UTC 
*** Bug 2176898 has been marked as a duplicate of this bug. ***
Comment 15 Lili Zhu 2023-05-24 14:09:01 UTC 
Tested this bug with:
libvirt-8.0.0-20.module+el8.9.0+18894+a91bbb94.x86_64

The testing steps are the same with those in Comment #6, testing passed
Comment 18 Lili Zhu 2023-06-27 13:31:15 UTC 
Verify this bug with:
libvirt-8.0.0-21.module+el8.9.0+19166+e262ca96.x86_64


The verification steps are the same with those in Comment #6.

As the result matches with the expected result, mark the bug as verified.
Comment 21 errata-xmlrpc 2023-11-14 15:33:25 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2023:6980