Bug 733996

Summary: [RFE][virt-install]should allow user specify static label for security driver setting when install vm
Product: Red Hat Enterprise Linux 6 Reporter: zhe peng <zpeng>
Component: python-virtinstAssignee: Cole Robinson <crobinso>
Status: CLOSED UPSTREAM QA Contact: Virtualization Bugs <virt-bugs>
Severity: medium Docs Contact:
Priority: medium    
Version: 6.2CC: bsarathy, jwu, mzhan, rwu
Target Milestone: rcKeywords: FutureFeature
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
: 734000 (view as bug list) Environment:
Last Closed: 2012-02-01 19:08:37 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 734000    
Attachments:
Description Flags
full debug info none

Description zhe peng 2011-08-29 06:35:55 UTC 
Created attachment 520296 [details]
full debug info

Description of problem:
can set relabel option for security driver setting when install vm.


Version-Release number of selected component (if applicable):
python-virtinst-0.600.0-2.el6.noarch
libvirt-0.9.4-5.el6


How reproducible:
always

Steps to Reproduce:
1.install a vm with static security settings.
1.# virt-install -n demo -r 1024 -f /var/lib/libvirt/images/test.img -s 5 --security type=static,label='system_u:system_r:svirt_t:s0:c100,c200' -c /dev/cdrom --debug
.........
Mon, 29 Aug 2011 02:03:29 ERROR    internal error Process exited while reading console log output: char device redirected to /dev/pts/8
qemu-kvm: -drive file=/var/lib/libvirt/images/demo.img,if=none,id=drive-ide0-0-0,format=raw,cache=none: could not open disk image /var/lib/libvirt/images/demo.img: Permission denied

Mon, 29 Aug 2011 02:03:29 DEBUG    Traceback (most recent call last):
  File "/usr/sbin/virt-install", line 620, in start_install
    noboot=options.noreboot)
  File "/usr/lib/python2.6/site-packages/virtinst/Guest.py", line 1223, in start_install
    noboot)
  File "/usr/lib/python2.6/site-packages/virtinst/Guest.py", line 1291, in _create_guest
    dom = self.conn.createLinux(start_xml or final_xml, 0)
  File "/usr/lib64/python2.6/site-packages/libvirt.py", line 1966, in createLinux
    if ret is None:raise libvirtError('virDomainCreateLinux() failed', conn=self)
libvirtError: internal error Process exited while reading console log output: char device redirected to /dev/pts/8
qemu-kvm: -drive file=/var/lib/libvirt/images/demo.img,if=none,id=drive-ide0-0-0,format=raw,cache=none: could not open disk image /var/lib/libvirt/images/demo.img: Permission denied

install will failed with Permission denied.

if have an existing image file,with correctly security label,the install will successful.mention in bug:https://bugzilla.redhat.com/show_bug.cgi?id=698085#c9

for libvirt ,there have a new attribute "relabel=yes",refer to http://libvirt.org/formatdomain.html#seclabel

so, customer need setting static security label without having an existing image file when install a new vm.
like command line:
# virt-install -n demo -r 1024 -f /var/lib/libvirt/images/test.img -s 5 --security type=static,relable=yes,label='system_u:system_r:svirt_t:s0:c100,c200' -c /dev/cdrom --debug


  
Actual results:
see Steps to Reproduce

Expected results:
should install vm successful with static security label if not have existing image file.

Additional info:
Comment 1 Cole Robinson 2011-09-26 15:58:06 UTC 
Upstream now:

http://git.fedorahosted.org/git?p=python-virtinst.git;a=commit;h=d6268d78fb1ebd1983d6b3fbfd3db0b1f6942d92
Comment 3 Cole Robinson 2012-02-01 19:08:37 UTC 
On second thought I don't think this is even worth backporting: static label usage is uncommon, and virtinst/virt-manager haven't had any customer complaints or feature requests regarding this functionality. Backporting isn't really worth the effort IMO

Just closing as UPSTREAM