Bug 700320

Summary: Failed to pci hotplug/passthrough to guest with selinux enabled
Product: Red Hat Enterprise Linux 5 Reporter: zhanghaiyan <yoyzhang>
Component: libvirtAssignee: Libvirt Maintainers <libvirt-maint>
Status: CLOSED DUPLICATE QA Contact: Virtualization Bugs <virt-bugs>
Severity: high Docs Contact:
Priority: high    
Version: 5.7CC: ajia, ccui, dyuan, llim, mgrepl, mshao
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-05-30 10:06:47 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Attachments:
Description Flags
/var/log/message for pci hotplug
none
/var/log/message for pci passthrough none

Description zhanghaiyan 2011-04-28 06:31:52 UTC 
Description of problem:
Failed to pci hotplug/passthrough to guest in selinux enabled

Version-Release number of selected component (if applicable):
- 2.6.18-256.el5
- kvm-83-230.el5
- libvirt-0.8.2-18.el5

How reproducible:
always

Steps to Reproduce:
1. Enable vt-d on the host
2. # getenforce 
Enforcing
3. # virsh nodedev-list --tree
computer
 |
  +- pci_8086_10de
  |   |
  |   +- net_00_25_64_a7_1f_4d
  |     
  +- pci_8086_244e
  +- pci_8086_2822
  |   |
........
4. # virsh nodedev-dumpxml pci_8086_10de
<device>
  <name>pci_8086_10de</name>
  <parent>computer</parent>
  <driver>
    <name>e1000e</name>
  </driver>
  <capability type='pci'>
    <domain>0</domain>
    <bus>0</bus>
    <slot>25</slot>
    <function>0</function>
    <product id='0x10de'>82567LM-3 Gigabit Network Connection</product>
    <vendor id='0x8086'>Intel Corporation</vendor>
  </capability>
</device>
5. # cat nodedev.xml 
<hostdev mode='subsystem' type='pci' managed='yes'>
 <source>
  <address bus='0' slot='0x19' function='0'/>
 </source>
</hostdev>
6. Start a guest
# virsh start rhel61
Domain rhel61 started
7. # virsh attach-device rhel61 nodedev.xml 
error: Failed to attach device from nodedev.xml
error: operation failed: parsing pci_add reply failed: Failed to assign device
failed to add host=00:19.0
8. OR change to do pci passthrough, firstly shutdown the guest, then add nodedev.xml info into guest config file and try to start the guest

  
Actual results:
7. Failed to hotplug pci device to guest
8. Failed to boot up the guest when passthrough the pci device to guest

Expected results:
7. pass
8. pass

Additional info:
If change selinux to permissive, both the operation could be pass.
Comment 1 zhanghaiyan 2011-04-28 06:33:30 UTC 
Created attachment 495415 [details]
/var/log/message for pci hotplug
Comment 2 zhanghaiyan 2011-04-28 06:34:21 UTC 
Created attachment 495416 [details]
/var/log/message for pci passthrough
Comment 3 zhanghaiyan 2011-04-28 09:47:23 UTC 
I searched the closed bug 644276 which is talking the same issue. But the technical note is not quite clear for me to understand. 
Does the selinux-policy package changes "virt_use_sysfs" boolean to on automatically or need users set the boolean to on manually ? Which is expected ?
In my actual test, I have to manually set the boolean to on.
Comment 4 Cui Chun 2011-05-19 08:19:30 UTC 
Miroslav,

Could you please take a look comment3 and give a feedback?

Thanks.
Comment 5 Miroslav Grepl 2011-05-19 11:15:39 UTC 
The "virt_use_sysfs" boolean was updated but you still set the boolean to on manually.
Comment 6 zhanghaiyan 2011-05-30 10:06:47 UTC 

*** This bug has been marked as a duplicate of bug 644276 ***