Bug 2174447

Summary:	Logs are spammed with ' Domain id=7 is tainted: custom-ga-command' message
Product:	Red Hat Enterprise Linux 8	Reporter:	Peter Krempa <pkrempa>
Component:	libvirt	Assignee:	Peter Krempa <pkrempa>
Status:	CLOSED ERRATA	QA Contact:	Lili Zhu <lizhu>
Severity:	unspecified	Docs Contact:
Priority:	unspecified
Version:	8.4	CC:	jdenemar, jsuchane, lmen, pgm-rhel-tools, virt-bugs, virt-maint, ymankad
Target Milestone:	rc	Keywords:	Triaged, ZStream
Target Release:	---	Flags:	pm-rhel: mirror+
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:	libvirt-8.0.0-20.module+el8.9.0+18894+a91bbb94	Doc Type:	If docs needed, set a value
Doc Text:		Story Points:	---
Clone Of:	2174446
Clones:	2176898 2180030 2180031 2180032 (view as bug list)		Environment:
Last Closed:	2023-11-14 15:33:25 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:
Bug Depends On:	2174446
Bug Blocks:	2176898, 2180030, 2180031, 2180032

Description Peter Krempa 2023-03-01 16:19:48 UTC

+++ This bug was initially created as a clone of Bug #2174446 +++

Description of problem:
When a management APP is using agent command passhthrough the logs are spammed with:

 Domain id=7 is tainted: custom-ga-command

over and over again.

Version-Release number of selected component (if applicable):
introduced in libvirt 7.1

How reproducible:
always

Steps to Reproduce:
1. Start VM
2. repeatedly invoke command such as:
$ virsh qemu-agent-command ha '{"execute":"guest-get-vcpus"}'

3. observe logs being spammed

Actual results:


Expected results:


Additional info:

Comment 6 Lili Zhu 2023-03-16 07:57:18 UTC

Verify this bug with:
libvirt-8.0.0-19.module+el8.8.0+18370+e5872f90.x86_64

1. prepare a guest with guest agent
# virsh domtime vm1
Time: 1678521142

2. check the dominfo
# virsh dominfo vm1
Id:             2
Name:           vm1
UUID:           ba63a682-90de-4816-a527-25d2ed542311
OS Type:        hvm
State:          running
CPU(s):         2
CPU time:       2.5s
Max memory:     3145728 KiB
Used memory:    3145728 KiB
Persistent:     yes
Autostart:      disable
Managed save:   no
Security model: selinux
Security DOI:   0
Security label: system_u:system_r:svirt_t:s0:c339,c702 (enforcing)

3. check the some info about guest using qemu-agent-command
# virsh qemu-agent-command vm1 '{"execute":"guest-get-fsinfo"}'
{"return":[{"name":"vda1","total-bytes":1063256064,

4. check the dominfo again
# virsh dominfo vm1
Id:             2
Name:           vm1
UUID:           ba63a682-90de-4816-a527-25d2ed542311
OS Type:        hvm
State:          running
CPU(s):         2
CPU time:       32.7s
Max memory:     3145728 KiB
Used memory:    3145728 KiB
Persistent:     yes
Autostart:      disable
Managed save:   no
Security model: selinux
Security DOI:   0
Security label: system_u:system_r:svirt_t:s0:c339,c702 (enforcing)
Messages:       tainted: custom guest agent control commands issued

5. check the log
1327:2023-03-16 07:49:38.592+0000: 55730: warning : qemuDomainObjTaintMsg:6401 : Domain id=2 name='vm1' uuid=ba63a682-90de-4816-a527-25d2ed542311 is tainted: custom-ga-command
1329:2023-03-16 07:49:38.592+0000: 55730: debug : qemuDomainLogAppendMessage:6766 : Append log message (vm='vm1' message='2023-03-16 07:49:38.592+0000: Domain id=2 is tainted: custom-ga-command

6. repeat step 2 for 100 times
# for i in {1..100}; do virsh qemu-agent-command vm1 '{"execute":"guest-get-fsinfo"}'; done
....

7. check the log again
# grep -ni tainted /var/log/libvirt/libvirtd.log 
1327:2023-03-16 07:49:38.592+0000: 55730: warning : qemuDomainObjTaintMsg:6401 : Domain id=2 name='vm1' uuid=ba63a682-90de-4816-a527-25d2ed542311 is tainted: custom-ga-command
1329:2023-03-16 07:49:38.592+0000: 55730: debug : qemuDomainLogAppendMessage:6766 : Append log message (vm='vm1' message='2023-03-16 07:49:38.592+0000: Domain id=2 is tainted: custom-ga-command

(The tainted message is printed when invoking guest-agent-command for the first time. And no new logs about tainted messages printed for the later invoking, logs are not spammed)

Comment 12 Peter Krempa 2023-03-20 12:37:12 UTC

*** Bug 2176898 has been marked as a duplicate of this bug. ***

Comment 15 Lili Zhu 2023-05-24 14:09:01 UTC

Tested this bug with:
libvirt-8.0.0-20.module+el8.9.0+18894+a91bbb94.x86_64

The testing steps are the same with those in Comment #6, testing passed

Comment 18 Lili Zhu 2023-06-27 13:31:15 UTC

Verify this bug with:
libvirt-8.0.0-21.module+el8.9.0+19166+e262ca96.x86_64


The verification steps are the same with those in Comment #6.

As the result matches with the expected result, mark the bug as verified.

Comment 21 errata-xmlrpc 2023-11-14 15:33:25 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2023:6980