Bug 499569

Summary: Guest with source-less cdrom fails to start :: Failed to set security label
Product: [Fedora] Fedora Reporter: Alan Pevec <apevec>
Component: libvirtAssignee: Daniel Berrange <berrange>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: high    
Version: rawhideCC: berrange, clalance, crobinso, dcantrell, dwalsh, itamar, markmc, muep, twaugh, veillard, virt-maint
Target Milestone: ---Keywords: Reopened
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-07-03 05:58:47 EDT Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On:    
Bug Blocks: 498968    
Attachments:
Description Flags
Skip labelling if no src path present none

Description Alan Pevec 2009-05-07 04:57:38 EDT
Description of problem:
libvir: Security Labeling error : SELinuxSetFilecon: unable to set security context 'system_u:object_r:virt_content_t:s0' on (null): Bad address.
libvir: QEMU error : internal error Failed to set security label

Version-Release number of selected component (if applicable):
libvirt-0.6.2-4.fc11.x86_64
virt-manager-0.7.0-4.fc11.x86_64
python-virtinst-0.400.3-7.fc11.noarch

How reproducible:
always

Steps to Reproduce:
1. create VM with virt-manager
2. reboot after installation
3.
  
Actual results:
VM fails to start

Expected results:
VM starts normally

Additional info:
works after removing CDROM definition, seems that missing <source> is what makes it fail:
    <disk type='block' device='cdrom'>
      <target dev='hdc' bus='ide'/>
      <readonly/>
    </disk>
This is a valid CDROM definition, it represents CDROM w/o media.
Comment 1 Mark McLoughlin 2009-05-07 05:29:58 EDT
Sounds like libvirt-0.6.3-shared-readonly-label.patch needs to check disk->src is non-null ?

Relates to the fix for bug #493692
Comment 2 Daniel Berrange 2009-05-07 08:03:58 EDT
To temporarily work around this bug 

 - Open /etc/libvirt/qemu.conf in an editor
 - Set   security_driver="none"
 - service libvirtd restart

This disables the SELinux sVirt protection & re-labelling code, while still leaving the host as a whole protected (you basically just loose guest <-> guest protection)
Comment 3 Cole Robinson 2009-05-09 18:22:07 EDT
*** Bug 499838 has been marked as a duplicate of this bug. ***
Comment 4 Cole Robinson 2009-05-09 18:22:26 EDT
*** Bug 499844 has been marked as a duplicate of this bug. ***
Comment 5 Cole Robinson 2009-05-10 22:20:01 EDT
Created attachment 343309 [details]
Skip labelling if no src path present

Patch fixes things for me. I'll be committing to F11 and devel branches shortly.

I'll defer requesting an F11 tag for the package though since there are likely other high priority fixes we will want to get into a build for the final release, so we can just lump them together.
Comment 6 Mark McLoughlin 2009-05-11 06:15:57 EDT
* Sun May 10 2009 Cole Robinson <crobinso@redhat.com> - 0.6.2-8.fc11
- Don't try to label a disk with no path (e.g. empty cdrom) (bug #499569)

http://koji.fedoraproject.org/koji/buildinfo?buildID=101640
Comment 7 Mark McLoughlin 2009-05-12 10:45:39 EDT
Tagged for F11:

  https://fedorahosted.org/rel-eng/ticket/1777

If someone could re-test and close, that would be most useful
Comment 8 Tim Waugh 2009-05-12 11:38:34 EDT
Works fine here with libvirt-0.6.2-8.fc11.x86_64.
Comment 9 Mark McLoughlin 2009-05-12 12:00:39 EDT
Thanks Tim
Comment 10 Mark McLoughlin 2009-07-03 05:46:50 EDT
Patch never got upstream, was dropped by the 0.6.4 rebase in F-12, re-opening

Patch posted upstream here:

  http://www.redhat.com/archives/libvir-list/2009-July/msg00050.html

Hopefully will be in 0.6.5
Comment 11 Mark McLoughlin 2009-07-03 05:58:47 EDT
* Fri Jul  3 2009 Mark McLoughlin <markmc@redhat.com> - 0.6.4-3.fc12
- Don't try to label a disk with no path (e.g. empty cdrom) (bug #499569)