Red Hat Bugzilla – Full Text Bug Listing
|Summary:||libvirt should own /var/cache/libvirt in spec file|
|Product:||[Fedora] Fedora||Reporter:||Daniel Walsh <dwalsh>|
|Component:||libvirt||Assignee:||Daniel Veillard <veillard>|
|Status:||CLOSED RAWHIDE||QA Contact:||Fedora Extras Quality Assurance <extras-qa>|
|Version:||rawhide||CC:||berrange, clalance, crobinso, itamar, markmc, veillard, virt-maint|
|Fixed In Version:||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2009-04-30 03:06:52 EDT||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Bug Depends On:|
Description Daniel Walsh 2009-04-21 14:36:53 EDT
Description of problem: SELinux is not labeling it properly and init script is trying to create the directory on start. Ends up with the wrong label.
Comment 1 Mark McLoughlin 2009-04-22 02:46:15 EDT
Dan, what ends up breaking as a result? (i.e. should it be on the blocker list?)
Comment 2 Daniel Berrange 2009-04-22 04:46:55 EDT
THe /var/cache/libvirt directory gets wrong SELinux labelling, so virDomainMemoryPeek() api will fail if running SELinux enforcing mode.
Comment 3 Daniel Walsh 2009-04-22 07:47:04 EDT
Well only if you remove the unconfined.pp package, Since by default libvirt is currently running as an unconfined domain. If qemu processes do not use this directory, nothing bad should happen. But these files will remain mislabeled until we trigger a relabel, and could cause other problems.
Comment 4 Daniel Berrange 2009-04-22 07:55:17 EDT
Actually QEMU processes do use this directory. What happens with virDomainPeek is: - Application invokes virDomainPeek - Libvirt's QEMU driver, talks to the QEMU monitor console to say 'dump memory region XXX to /var/cache/libivirt/mem.YYYY' - QEMU now writes that requested memory region to the given file - libvirtd them reads the data from that file & deletes it So, QEMU needs to be able to create new files in that directory, and thus we need to make sure labelling is correct.
Comment 5 Daniel Walsh 2009-04-22 08:15:00 EDT
Ok then this needs to be fixed.
Comment 6 Daniel Veillard 2009-04-28 05:39:10 EDT
I just build libvirt-0.6.3-2.fc12 in rawhide with the fix, Daniel
Comment 7 Mark McLoughlin 2009-04-28 06:15:14 EDT
DV: you've built the fix into dist-f12, but rawhide is built from dist-f11 at the moment. We need it fixed for F-11, too So, you'll need to: 1) Fix in rpms/libvirt/F-11 and build; the build will go to dist-f11-updates-candidate 2) Request rel-eng to tag it into dist-f11 according to https://fedoraproject.org/wiki/ReleaseEngineering/FinalFreezePolicy
Comment 8 Daniel Veillard 2009-04-28 07:36:50 EDT
1) done libvirt-0.6.2-3.fc11 built in dist-f11-updates-candidate I let you do 2) Daniel
Comment 9 Mark McLoughlin 2009-04-28 10:15:47 EDT
Tag request https://fedorahosted.org/rel-eng/ticket/1673
Comment 10 Mark McLoughlin 2009-04-30 03:06:52 EDT
This is in rawhide now