Bug 706341

Summary: The svirt label is lost for the domain saved file
Product: Red Hat Enterprise Linux 5 Reporter: Cui Chun <ccui>
Component: libvirtAssignee: Libvirt Maintainers <libvirt-maint>
Status: CLOSED WONTFIX QA Contact: Virtualization Bugs <virt-bugs>
Severity: medium Docs Contact:
Priority: medium    
Version: 5.7CC: dallan, dyuan, hjiang, mzhan, yoyzhang
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-08-15 19:45:26 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Cui Chun 2011-05-20 07:34:51 UTC 
Description of problem:
The svirt label is lost for the domain saved file.

Version-Release number of selected component (if applicable):

libvirt-0.8.2-20.el5
kvm-83-232.el5

How reproducible:
Always

Steps to Reproduce:

1. Make sure the selinux is enforcing

# getenforce 
Enforcing

2. Start a VM

# virsh list --all
 Id Name                 State
----------------------------------
 24 w2k3                 running
  - vm                   shut off

3. Save the running vm, and check the context of the save file.

# virsh save w2k3 w2k3.save
Domain w2k3 saved to w2k3.save

# ll -Z w2k3.save 
-rw-------  root root system_u:object_r:default_t      w2k3.save

  
Actual results:

Step 3.

Expected results:

svirt label should be added. like:

-rw-------  root root system_u:object_r:svirt_image_t:s0:c451,c925   w2k3.save


Additional info:
Comment 1 Cui Chun 2011-05-20 09:06:05 UTC 
The svirt label can be added for some path, but failed for other path.

For example:
# ll -Z /tmp/w2k3.save 
-rw-------  root root system_u:object_r:svirt_image_t:s0:c335,c977 /tmp/w2k3.save

# ll -Z /home/w2k3.save 
-rw-------  root root system_u:object_r:default_t      /home/w2k3.save
Comment 2 Huming Jiang 2011-06-02 03:36:39 UTC 
Could reproduce this bug on the following components of rh5.6:
libvirt-0.8.2-15.el5
kvm-83-224.el5

Steps:
# getenforce 
Enforcing

2. # virsh list --all
 Id Name                 State
----------------------------------
  5 rh5.6                running
  - a                    shut off

3. Save the running vm, and check the context of the save file.

#cd /var/lib/libvirt/images
#virsh save rh5.6 rh5.6.save
Domain rh5.6 saved to rh5.6.save

# ll -Z rh5.6.save 
-rw-------  root root system_u:object_r:virt_image_t   rh5.6.save

# virsh restore rh5.6.save 
Domain restored from rh5.6.save
#virsh save rh5.6 /tmp/rh5.6.save
Domain rh5.6 saved to /tmp/rh5.6.save
# ll -Z /tmp/rh5.6.save
-rw-------  root root system_u:object_r:svirt_image_t:s0:c600,c619 /tmp/rh5.6.save

# virsh restore /tmp/rh5.6.save 
Domain restored from /tmp/rh5.6.save

# virsh save rh5.6 /home/rh5.6.save
Domain rh5.6 saved to /home/rh5.6.save

# ll -Z /home/rh5.6.save 
-rw-------  root root system_u:object_r:default_t      /home/rh5.6.save
Comment 3 RHEL Program Management 2011-06-21 05:29:50 UTC 
This request was evaluated by Red Hat Product Management for inclusion in Red Hat Enterprise Linux 5.7 and Red Hat does not plan to fix this issue the currently developed update.

Contact your manager or support representative in case you need to escalate this bug.
Comment 5 RHEL Program Management 2011-08-15 19:45:26 UTC 
Development Management has reviewed and declined this request.  You may appeal
this decision by reopening this request.