Bug 496945

Summary: libvirt should own /var/cache/libvirt in spec file
Product: [Fedora] Fedora Reporter: Daniel Walsh <dwalsh>
Component: libvirtAssignee: Daniel Veillard <veillard>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: berrange, clalance, crobinso, itamar, markmc, veillard, virt-maint
Target Milestone: ---Keywords: Reopened
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-04-30 03:06:52 EDT Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On:    
Bug Blocks: 480594    

Description Daniel Walsh 2009-04-21 14:36:53 EDT
Description of problem:



SELinux is not labeling it properly and init script is trying to create the directory on start.  Ends up with the wrong label.
Comment 1 Mark McLoughlin 2009-04-22 02:46:15 EDT
Dan, what ends up breaking as a result?

(i.e. should it be on the blocker list?)
Comment 2 Daniel Berrange 2009-04-22 04:46:55 EDT
THe /var/cache/libvirt directory gets wrong SELinux labelling, so virDomainMemoryPeek() api will fail if running SELinux enforcing mode.
Comment 3 Daniel Walsh 2009-04-22 07:47:04 EDT
Well only if you remove the unconfined.pp package,   Since by default libvirt is currently running as an unconfined domain.  If qemu processes do not use this directory, nothing bad should happen.  But these files will remain mislabeled until we trigger a relabel, and could cause other problems.
Comment 4 Daniel Berrange 2009-04-22 07:55:17 EDT
Actually QEMU processes do use this directory.

What happens with virDomainPeek is:

 - Application invokes virDomainPeek
 - Libvirt's QEMU driver, talks to the QEMU monitor console to say 'dump memory region XXX to /var/cache/libivirt/mem.YYYY'
 - QEMU now writes that requested memory region to the given file
 - libvirtd them reads the data from that file & deletes it


So, QEMU needs to be able to create new files in that directory, and thus we need to make sure labelling is correct.
Comment 5 Daniel Walsh 2009-04-22 08:15:00 EDT
Ok then this needs to be fixed.
Comment 6 Daniel Veillard 2009-04-28 05:39:10 EDT
I just build libvirt-0.6.3-2.fc12 in rawhide with the fix,

Daniel
Comment 7 Mark McLoughlin 2009-04-28 06:15:14 EDT
DV: you've built the fix into dist-f12, but rawhide is built from dist-f11 at the moment. We need it fixed for F-11, too

So, you'll need to:

  1) Fix in rpms/libvirt/F-11 and build; the build will go to 
     dist-f11-updates-candidate

  2) Request rel-eng to tag it into dist-f11 according to
     https://fedoraproject.org/wiki/ReleaseEngineering/FinalFreezePolicy
Comment 8 Daniel Veillard 2009-04-28 07:36:50 EDT
1) done libvirt-0.6.2-3.fc11 built in dist-f11-updates-candidate

I let you do 2) 

Daniel
Comment 9 Mark McLoughlin 2009-04-28 10:15:47 EDT
Tag request https://fedorahosted.org/rel-eng/ticket/1673
Comment 10 Mark McLoughlin 2009-04-30 03:06:52 EDT
This is in rawhide now