Bug 692001

Summary: libvirt can't restore compressed save image when selinux is enforcing
Product: Red Hat Enterprise Linux 6 Reporter: weizhang <weizhan>
Component: libvirtAssignee: Daniel Veillard <veillard>
Status: CLOSED DUPLICATE QA Contact: Virtualization Bugs <virt-bugs>
Severity: medium Docs Contact:
Priority: high    
Version: 6.1CC: dyuan, eblake, gren, llim, yoyzhang
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-03-30 16:31:50 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description weizhang 2011-03-30 07:14:53 UTC
Description of problem:
When save_image_format is set to anything other than the default raw on qemu.conf,
virsh restore will failed with error:
error: Failed to restore domain from /tmp/guest.save
error: unable to set security context 'system_u:object_r:svirt_image_t:s0:c57,c1018' on fd 26: Permission denied

Version-Release number of selected component (if applicable):
kernel-2.6.32-125.el6.x86_64
qemu-kvm-0.12.1.2-2.153.el6.x86_64
libvirt-0.8.7-15.el6.x86_64


How reproducible:
100%

Steps to Reproduce:
1. Make sure that selinux is enforcing
# getenforce
Enforcing
2. Change /etc/libvirt/qemu.conf 
add   
  save_image_format = "bzip2" 
3. restart libvirtd and start a guest
#service libvirtd restart
#virsh start guest
4. save the guest to a file
virsh save guest /tmp/guest.save
5. restore the guest from this file
virsh restore /tmp/guest.save
6. loop upper steps with save_image_format = "xz", "gzip" and "lzop"
  
Actual results:
report an error like:
error: Failed to restore domain from /tmp/guest.save
error: unable to set security context 'system_u:object_r:svirt_image_t:s0:c57,c1018' on fd 26: Permission denied

Expected results:
Domain restored from guest.save

Additional info:

Comment 1 Eric Blake 2011-03-30 16:31:50 UTC
This is a known SELinux problem, bug 691499.

To work around it, use 'run_init service libvirtd restart' so that libvirtd is running with the proper context, rather than an unconfined context.

*** This bug has been marked as a duplicate of bug 691499 ***