Bug 510507

Summary: file context restored by stopped guest while other guests using a shared file
Product: [Fedora] Fedora
Reporter: Gene Czarcinski <gczarcinski>
Component: libvirt
Assignee: Daniel Veillard <veillard>
Status: CLOSED RAWHIDE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Priority: low
Version: rawhide
CC: berrange, clalance, crobinso, itamar, veillard, virt-maint
Hardware: All   
OS: Linux   
Doc Type: Bug Fix
Last Closed: 2009-08-04 11:12:54 EDT

Description Gene Czarcinski 2009-07-09 10:55:32 EDT
Description of problem:
When two or more guests are sharing a common disk/CD/DVD, the file's context is set to "virt_content_t" when the first guest starts to run.  However, the first of those guests to stop running will restorecon the file's context even though the other guests may still be attempting to access that file.

Version-Release number of selected component (if applicable):
Fedora 11 plus preview:
libvirt.x86_64                      0.6.5-1.fc11                  @rawvirt      
libvirt-python.x86_64               0.6.5-1.fc11                  @rawvirt      
qemu.x86_64                         2:0.10.50-8.kvm87.fc11        @rawvirt      
qemu-common.x86_64                  2:0.10.50-8.kvm87.fc11        @rawvirt      
qemu-img.x86_64                     2:0.10.50-8.kvm87.fc11        @rawvirt      
qemu-kvm.x86_64                     2:0.10.50-8.kvm87.fc11        @rawvirt      
qemu-system-arm.x86_64              2:0.10.50-8.kvm87.fc11        @rawvirt      
qemu-system-cris.x86_64             2:0.10.50-8.kvm87.fc11        @rawvirt      
qemu-system-m68k.x86_64             2:0.10.50-8.kvm87.fc11        @rawvirt      
qemu-system-mips.x86_64             2:0.10.50-8.kvm87.fc11        @rawvirt      
qemu-system-ppc.x86_64              2:0.10.50-8.kvm87.fc11        @rawvirt      
qemu-system-sh4.x86_64              2:0.10.50-8.kvm87.fc11        @rawvirt      
qemu-system-sparc.x86_64            2:0.10.50-8.kvm87.fc11        @rawvirt      
qemu-system-x86.x86_64              2:0.10.50-8.kvm87.fc11        @rawvirt      
qemu-user.x86_64                    2:0.10.50-8.kvm87.fc11        @rawvirt      
virt-manager.x86_64                 0.7.0-5.fc11                  @updates      
virt-top.x86_64                     1.0.3-4.fc11                  @fedora       
virt-viewer.x86_64                  0.0.3-4.fc11                  @fedora

How reproducible:
every time

Steps to Reproduce:
1. Run two guests which share a common ISO image
2. Do ls -Z on the shared file
3. Stop one of the guests
4. Do ls -Z on the shared file
  
Actual results:
File context is restored when the first guest is stopped.

Expected results:
File context should not be restored until the last guest using the file is stopped.

Additional info:

Comment 1 Daniel Berrange 2009-08-04 11:12:54 EDT
Current libvirt has the F11 patch applied to skip relabelling of shared/readonly disks upon shutdown.

commit ed5a25841ff0838b1b7afa881b5d369ace1aad9c
Author: Daniel P. Berrange <berrange@redhat.com>
Date:   Wed Jul 15 12:45:13 2009 +0100

    Don't restore labels on shared/readonly disks
    
    * src/security_selinux.c: Skip relabelling of shared/readonly
      disks upon shutdown, since this breaks other VMs still active
      using those disks
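
The following is an added example, not part of the bug report and not libvirt code. It audits domain XML for backing files used by more than one guest where at least one guest does not mark the disk `<readonly/>` or `<shareable/>`, so that guest's shutdown would still restore the label under the skip rule described in the commit message. The sample XML, paths and function names are constructed, and treating those two elements as what "shared/readonly" refers to is an assumption.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample domain XML (not taken from the bug report).
GUEST_A = """<domain type='kvm'><name>guest-a</name><devices>
  <disk type='file' device='cdrom'><source file='/srv/iso/shared.iso'/><readonly/></disk>
  <disk type='file' device='disk'><source file='/srv/img/data.img'/><shareable/></disk>
</devices></domain>"""
GUEST_B = """<domain type='kvm'><name>guest-b</name><devices>
  <disk type='file' device='cdrom'><source file='/srv/iso/shared.iso'/><readonly/></disk>
  <disk type='file' device='disk'><source file='/srv/img/data.img'/></disk>
  <disk type='file' device='cdrom'/>
</devices></domain>"""


def disk_entries(domain_xml):
    """Yield (guest, path, marked) for every disk that has a backing source."""
    root = ET.fromstring(domain_xml)
    guest = root.findtext("name")
    for disk in root.iterfind("./devices/disk"):
        source = disk.find("source")
        if source is None:  # e.g. an empty CD-ROM drive
            continue
        path = source.get("file") or source.get("dev")
        if path is None:
            continue
        # Assumption: these two elements are what "shared/readonly" refers to.
        marked = any(disk.find(tag) is not None for tag in ("readonly", "shareable"))
        yield guest, path, marked


def unsafe_shared_paths(domain_xmls):
    """Map each path used by 2+ guests to the guests that leave it unmarked."""
    users, unmarked = defaultdict(set), defaultdict(set)
    for xml_text in domain_xmls:
        for guest, path, marked in disk_entries(xml_text):
            users[path].add(guest)
            if not marked:
                unmarked[path].add(guest)
    return {p: sorted(unmarked[p]) for p in users
            if len(users[p]) > 1 and unmarked[p]}


if __name__ == "__main__":
    for path, guests in unsafe_shared_paths([GUEST_A, GUEST_B]).items():
        print(f"{path}: label would still be restored when {guests} stops")
```
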