Bug 2184183
| Summary: | virt-v2v conversions fail with "Multiple same specifications for /.*" | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Pieter Malan <pmalan> | ||||
| Component: | virt-v2v | Assignee: | Richard W.M. Jones <rjones> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Vera <vwu> | ||||
| Severity: | urgent | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | 8.7 | CC: | byount, dbewley, ddepaula, jmaloy, jwboyer, kkiwi, mxie, rjones, tyan, tzheng, vwu, xiaodwan | ||||
| Target Milestone: | rc | Keywords: | Triaged | ||||
| Target Release: | --- | ||||||
| Hardware: | x86_64 | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | virt-v2v-1.42.0-22.el8_8 | Doc Type: | If docs needed, set a value | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2023-05-16 08:18:37 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
Don't have visibility into what was added after base install, and if selinux policies where maintained/installed for additional packages. Just received the /etc/selinux/config: # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=disabled # SELINUXTYPE= can take one of three two values: # targeted - Targeted processes are protected, # minimum - Modification of targeted policy. Only selected processes are protected. # mls - Multi Level Security protection. SELINUXTYPE=targeted This bug does not affect upstream virt-v2v. Downstream fix posted: https://listman.redhat.com/archives/libguestfs/2023-April/031206.html My reproducer: $ virt-builder --format=qcow2 fedora-36 --append-line '/etc/selinux/targeted/contexts/files/file_contexts:/.* system_u:object_r:default_t:s0' $ virt-v2v -i disk fedora-36.qcow2 -o null On RHEL 8 (virt-v2v-1.42.0-21.module+el8.8.0+16781+9f4724c2.x86_64) it fails like this: virt-v2v: error: libguestfs error: selinux_relabel: Can't stat exclude path "/sysroot/selinux", No such file or directory - ignoring. setfiles: /sysroot/etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications for /.*. /sysroot/etc/selinux/targeted/contexts/files/file_contexts: Invalid argument On RHEL 9 (virt-v2v-2.0.7-6.el9.x86_64) it works fine. Fedora and upstream are also fine. Reproduced with virt-v2v-1.42.0-21.module+el8.8.0+16781+9f4724c2.x86_64. Steps: 1. Prepare a RHEL 7.9/8.7 on ESXi8.0 2. Check: [root@localhost ~]# getenforce Disabled [root@localhost ~]# [root@localhost ~]# cat /etc/selinux/config # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=disabled # SELINUXTYPE= can take one of these three values: # targeted - Targeted processes are protected, # minimum - Modification of targeted policy. Only selected processes are protected. # mls - Multi Level Security protection. SELINUXTYPE=targeted 3. Add the line with content "/.* system_u:object_r:default_t:s0" into /etc/selinux/targeted/contexts/files/file_contexts [root@localhost ~]# vi /etc/selinux/targeted/contexts/files/file_contexts /.* system_u:object_r:default_t:s0 /.* system_u:object_r:default_t:s0 ..... 4. Convert via virt-v2v # virt-v2v -i libvirt -ic vpx://root.212.149/data/10.73.212.36/?no_verify=1 -o null -ip /v2v-ops/esxpw esx8.0-rhel7.9-x86_64-bz2184183 [ 0.0] Opening the source -i libvirt -ic vpx://root.212.149/data/10.73.212.36/?no_verify=1 esx8.0-rhel7.9-x86_64-bz2184183 [ 4.9] Creating an overlay to protect the source from being modified [ 6.8] Opening the overlay [ 39.8] Inspecting the overlay [ 558.6] Checking for sufficient free disk space in the guest [ 558.6] Estimating space required on target for each disk [ 558.6] Converting Red Hat Enterprise Linux Server 7.9 (Maipo) to run on KVM virt-v2v: error: libguestfs error: selinux_relabel: Can't stat exclude path "/sysroot/selinux", No such file or directory - ignoring. setfiles: /sysroot/etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications for /.*. /sysroot/etc/selinux/targeted/contexts/files/file_contexts: Invalid argument If reporting bugs, run virt-v2v with debugging enabled and include the complete output: virt-v2v -v -x [...] Verified with virt-v2v-1.42.0-22.module+el8.8.0+18565+360d99ae.x86_64.The conversion can work successfully. # rpm -qa virt-v2v virt-v2v-1.42.0-22.module+el8.8.0+18565+360d99ae.x86_64 # virt-v2v -i libvirt -ic vpx://root.212.149/data/10.73.212.36/?no_verify=1 -o null -ip /v2v-ops/esxpw esx8.0-rhel7.9-x86_64-bz2184183 [ 0.0] Opening the source -i libvirt -ic vpx://root.212.149/data/10.73.212.36/?no_verify=1 esx8.0-rhel7.9-x86_64-bz2184183 [ 5.0] Creating an overlay to protect the source from being modified [ 7.1] Opening the overlay [ 47.5] Inspecting the overlay [ 562.0] Checking for sufficient free disk space in the guest [ 562.0] Estimating space required on target for each disk [ 562.0] Converting Red Hat Enterprise Linux Server 7.9 (Maipo) to run on KVM virt-v2v: This guest has virtio drivers installed. [2044.3] Mapping filesystem data to avoid copying unused and blank areas [2046.7] Closing the overlay [2047.0] Assigning disks to buses [2047.0] Checking if the guest needs BIOS or UEFI to boot [2047.0] Initializing the target -o null [2047.0] Copying disk 1/2 to qemu URI json:{ "file.driver": "null-co", "file.size": "1E" } (raw) (100.00/100%) [3654.7] Copying disk 2/2 to qemu URI json:{ "file.driver": "null-co", "file.size": "1E" } (raw) (100.00/100%) [3883.9] Creating output metadata [3883.9] Finishing off Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2023:2757 |
Created attachment 1955582 [details] virt-v2v log Description of problem: Customer disable SELINUX with kernel parameter selinux=0. virt-v2v does not pick up that SELINUX is disabled and try to do a relabel, and fails on relabeling. Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. Prepare a RHEL 7.2 on VMWare, standard minimal install 2. grubby --update-kernel=ALL --args="selinux=0" 3. dracut -f 4. Reboot 5. getenforce -> Disabled 6. /etc/selinux/config still contains: SELINUX=enforcing SELINUX=targeted 7. Migrate VM from VMWare Actual results: On line 5414: attached virt-v2v.log libguestfs: trace: v2v: selinux_relabel "/etc/selinux/targeted/contexts/files/file_contexts" "/" "force:true" guestfsd: <= selinux_relabel (0x1d3) request length 108 bytes commandrvf: stdout=n stderr=y flags=0x0 commandrvf: setfiles -m usage: setfiles [-diIDlmnpqvEFW] [-e excludedir] [-r alt_root_path] [-c policyfile] spec_file pathname... usage: setfiles [-diIDlmnpqvEFW] [-e excludedir] [-r alt_root_path] [-c policyfile] spec_file -f filename usage: setfiles -s [-diIDlmnpqvFW] spec_file commandrvf: stdout=n stderr=y flags=0x0 commandrvf: setfiles -F -e /sysroot/dev -e /sysroot/proc -e /sysroot/selinux -e /sysroot/sys -m -r /sysroot -v /sysroot/etc/selinux/targeted/contexts/files/file_contexts /sysroot/ Can't stat exclude path "/sysroot/selinux", No such file or directory - ignoring. setfiles: /sysroot/etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications for /.*. /sysroot/etc/selinux/targeted/contexts/files/file_contexts: Invalid argument guestfsd: error: Can't stat exclude path "/sysroot/selinux", No such file or directory - ignoring. setfiles: /sysroot/etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications for /.*. /sysroot/etc/selinux/targeted/contexts/files/file_contexts: Invalid argument guestfsd: => selinux_relabel (0x1d3) took 0.12 secs libguestfs: trace: v2v: selinux_relabel = -1 (error) virt-v2v: error: libguestfs error: selinux_relabel: Can't stat exclude path "/sysroot/selinux", No such file or directory - ignoring. setfiles: /sysroot/etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications for /.*. /sysroot/etc/selinux/targeted/contexts/files/file_contexts: Invalid argument rm -rf '/var/tmp/null.WFupAO' libguestfs: trace: v2v: close Expected results: Conversion successful. Committing all overlays to local disks. (0.00/100%) .... (100.00/100%) Image committed. Commit successful. Cleaning up. Additional info: