Bug 698085
Summary: | virt-install:set static security label not take effect for guest | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | zhe peng <zpeng> |
Component: | python-virtinst | Assignee: | Cole Robinson <crobinso> |
Status: | CLOSED ERRATA | QA Contact: | Virtualization Bugs <virt-bugs> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 6.1 | CC: | dyuan, hjiang, mzhan, nzhang |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: |
Cause:
Specifying a static selinux label via virt-install did not build a correct guest configuration.
Consequence:
The static selinux label did not take effect for the guest.
Fix:
Generate correct configuration
Result:
Static labels work
|
Last Closed: | 2011-12-06 16:16:52 UTC | Type: | --- |
Description
zhe peng
2011-04-20 07:07:56 UTC
Please provide the output of virt-install --debug (also please do so for any future virt-* bug reports)

Actually, I can reproduce, so no need for --debug output

Fixed upstream:
http://git.fedorahosted.org/git?p=python-virtinst.git;a=commit;h=7d13024da60ad9f7b2123783a71ed061721c3793

Fixed in python-virtinst-0.600.0-1.el6

Could still reproduce this bug in the following components:
python-virtinst-0.600.0-1.el6.
libvirt-0.9.4-0rc1.el6.x86_64
kernel-2.6.32-171.el6.x86_64
qemu-kvm-0.12.1.2-2.174.el6.x86_64

How reproducible:
always

Steps to Reproduce:
# virt-install -n demo -r 512 -f /var/lib/libvirt/images/demo.img -s 5 -c /dev/cdrom --security type=static,label='system_u:object_r:svirt_image_t:s0:c100,c200'

Starting install...
ERROR internal error Process exited while reading console log output: libvir: error : cannot execute binary /usr/libexec/qemu-kvm: Permission denied

Domain installation does not appear to have been successful.
If it was, you can restart your domain by running:
virsh --connect qemu:///system start demo
otherwise, please restart your installation.

(In reply to comment #6)
> Could still reproduce this bug in the following components:
> python-virtinst-0.600.0-1.el6.
> libvirt-0.9.4-0rc1.el6.x86_64
> kernel-2.6.32-171.el6.x86_64
> qemu-kvm-0.12.1.2-2.174.el6.x86_64
> How reproducible:
> always
>
> Steps to Reproduce:

When I reproduced this bug using the above packages, I met the following problem, so whether this bug has been fixed or not is unknown to me (sorry for comment 6). The following error message is a new problem about this bug. So set the bug status to ASSIGNED.

>
> # virt-install -n demo -r 512 -f /var/lib/libvirt/images/demo.img -s 5 -c
> /dev/cdrom --security
> type=static,label='system_u:object_r:svirt_image_t:s0:c100,c200'
>
> Starting install...
> ERROR internal error Process exited while reading console log output:
> libvir: error : cannot execute binary /usr/libexec/qemu-kvm: Permission denied
>
> Domain installation does not appear to have been successful.
> If it was, you can restart your domain by running:
> virsh --connect qemu:///system start demo
> otherwise, please restart your installation.

The initial report said that even if the user specified --security type=static we would still generate XML with type=dynamic. You should be able to confirm that virt-install did the correct thing by specifying --debug and checking that the generated XML has <seclabel type='static' in it.

That said, there might be other issues here, but those would be separate bugs.

Verified with the following components:
python-virtinst-0.600.0-2.el6.noarch
libvirt-0.9.4-0rc1.2.el6.x86_64
qemu-kvm-0.12.1.2-2.175.el6.x86_64
kernel-2.6.32-171.el6.x86_64

Steps:
1. chcon system_u:object_r:svirt_image_t:s0:c100,c200 /var/lib/libvirt/images/test.img

2. virt-install -n test -r 512 -f /var/lib/libvirt/images/test.img --import --security type=static,label='system_u:system_r:svirt_t:s0:c100,c200' --debug
...
  <seclabel type='static' model='selinux' relabel='no'>
    <label>system_u:system_r:svirt_t:s0:c100,c200</label>
  </seclabel>
...

3. virsh dumpxml test
...
  <seclabel type='static' model='selinux' relabel='no'>
    <label>system_u:system_r:svirt_t:s0:c100,c200</label>
  </seclabel>
...

Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team.

New Contents:
Cause:
Specifying a static selinux label via virt-install did not build a correct guest configuration.
Consequence:
The static selinux label did not take effect for the guest.
Fix:
Generate correct configuration
Result:
Static labels work

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1643.html
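
The check suggested in the thread (confirm that the domain XML carries `<seclabel type='static'` with the requested label) can be scripted against the output of `virsh dumpxml` or `virt-install --debug`. This is an added example, not part of the bug report or of python-virtinst; the function names and the trimmed sample XML are constructed for illustration, and the image comparison assumes plain category lists such as `c100,c200`.

```python
import xml.etree.ElementTree as ET

# Constructed sample: domain XML cut down to the seclabel element, with the
# label used in the verification steps of this report.
SAMPLE_XML = """<domain type='kvm'>
  <name>test</name>
  <seclabel type='static' model='selinux' relabel='no'>
    <label>system_u:system_r:svirt_t:s0:c100,c200</label>
  </seclabel>
</domain>"""


def mls_level(context):
    """Return (sensitivity, categories) from user:role:type:level.

    The level itself contains ':' (s0:c100,c200), so split only three times.
    Category ranges such as c0.c1023 are not expanded (assumption: plain lists).
    """
    fields = context.strip().split(":", 3)
    if len(fields) != 4:
        raise ValueError("no MLS/MCS level in context: %r" % context)
    sensitivity, _, cats = fields[3].partition(":")
    return sensitivity, frozenset(c for c in cats.split(",") if c)


def check_seclabel(domain_xml, requested_label, image_label=None):
    """Return a list of problems; an empty list means the static label took effect."""
    sec = ET.fromstring(domain_xml).find("seclabel")
    if sec is None:
        return ["no <seclabel> element in domain XML"]
    problems = []
    if sec.get("type") != "static":
        problems.append("seclabel type is %r, expected 'static'" % sec.get("type"))
    label = (sec.findtext("label") or "").strip()
    if label != requested_label:
        problems.append("label is %r, expected %r" % (label, requested_label))
    # With relabel='no' libvirt leaves the image label alone, so the image
    # must already carry the same level (the chcon in step 1).
    if image_label and label and mls_level(image_label) != mls_level(label):
        problems.append("image level differs from domain level")
    return problems


if __name__ == "__main__":
    print(check_seclabel(SAMPLE_XML, "system_u:system_r:svirt_t:s0:c100,c200",
                         "system_u:object_r:svirt_image_t:s0:c100,c200"))
```

A domain produced by the unfixed python-virtinst would report `seclabel type is 'dynamic', expected 'static'`, which is the behaviour this bug describes.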