Bug 751725
| Summary: | virsh detach-device does not change owner and selinux label of USB device if device managed | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Miroslav Vadkerti <mvadkert> |
| Component: | libvirt | Assignee: | Michal Privoznik <mprivozn> |
| Status: | CLOSED ERRATA | QA Contact: | Virtualization Bugs <virt-bugs> |
| Severity: | urgent | Docs Contact: | |
| Priority: | urgent | ||
| Version: | 6.2 | CC: | acathrow, ajia, dallan, dyuan, iboverma, jyang, leiwang, mzhan, rwu, weizhan |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | libvirt-0.9.9-1.el6 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2012-06-20 06:36:17 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Miroslav Vadkerti
2011-11-07 11:08:29 UTC
This might be DUPLICATE with https://bugzilla.redhat.com/show_bug.cgi?id=730930, as "managed" is just meaningless for USB device currently, it's supported in XML, but no codes for it actually. There are 2 issues in here: 1. As Osier said, need "managed" mode support for host usb device, otherwise, can't return this USB to host with managed='yes' after shutting down guest. 2. The other is libvirt need to do some clean up work and should make sure the detached USB device with original permission and selinux context if libvirt has ever modified them. Of course, also merge the above 2 into 1 as a RFE such as bug 730930. commit 13d5a6b83d5252ce323889022e142e797a96d89c
Author: Michal Privoznik <mprivozn>
AuthorDate: Thu Dec 15 17:51:56 2011 +0100
Commit: Michal Privoznik <mprivozn>
CommitDate: Fri Dec 16 11:53:03 2011 +0100
qemu: Don't drop hostdev config until security label restore
Currently, on device detach, we parse given XML, find the device
in domain object, free it and try to restore security labels.
However, in some cases (e.g. usb hostdev) parsed XML contains
less information than freed device. In usb case it is bus & device
IDs. These are needed during label restoring as a symlink into
/dev/bus is generated from them. Therefore don't drop device
configuration until security labels are restored.
v0.9.8-56-g13d5a6b
verify pass on libvirt-0.9.9-1.el6.x86_64 kernel-2.6.32-225.el6.x86_64 qemu-kvm-0.12.1.2-2.213.el6.x86_64 #ls -Z /dev/bus/usb/002/003 crw-rw-r--. root root system_u:object_r:usb_device_t:s0 /dev/bus/usb/002/003 # virsh attach-device kvm-rhel6u2-x86_64-new usb.xml Device attached successfully # ls -Z /dev/bus/usb/002/003 crw-rw-r--. qemu qemu system_u:object_r:svirt_image_t:s0:c98,c194 /dev/bus/usb/002/003 # virsh detach-device kvm-rhel6u2-x86_64-new usb.xml Device detached successfully # virsh destroy kvm-rhel6u2-x86_64-new Domain kvm-rhel6u2-x86_64-new destroyed # ls -Z /dev/bus/usb/002/003 crw-rw-r--. root root system_u:object_r:usb_device_t:s0 /dev/bus/usb/002/003 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2012-0748.html |