Bug 751725

Summary: virsh detach-device does not change owner and selinux label of USB device if device managed
Product: Red Hat Enterprise Linux 6 Reporter: Miroslav Vadkerti <mvadkert>
Component: libvirtAssignee: Michal Privoznik <mprivozn>
Status: CLOSED ERRATA QA Contact: Virtualization Bugs <virt-bugs>
Severity: urgent Docs Contact:
Priority: urgent    
Version: 6.2CC: acathrow, ajia, dallan, dyuan, iboverma, jyang, leiwang, mzhan, rwu, weizhan
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: libvirt-0.9.9-1.el6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-06-20 06:36:17 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Miroslav Vadkerti 2011-11-07 11:08:29 UTC 
Description of problem:
After virsh detach-device the owner and selinux label of USB device is not transitioned back to the host system if the device has managed=yes set. I'm attaching the reproducer.

# ./virsh-detach-usb 
+ Printing usb device details before test
crw-rw-r--. root root system_u:object_r:usb_device_t:SystemLow /dev/bus/usb/003/002
+ Creating image for guest
1+0 records in
1+0 records out
1048576 bytes (1.0 MB) copied, 0.00320035 s, 328 MB/s
+ Creating VM xml with given usb device
+ Starting VM
Domain guest1-dynamic created from guest1.xml

+ Printing usb device details
crw-rw-r--. qemu qemu system_u:object_r:svirt_image_t:s0:c273,c627 /dev/bus/usb/003/002
+ Detaching USB device
Device detached successfully

+ Stopping VM
Domain guest1-dynamic destroyed

+ Printing usb device details after detach and destroy
crw-rw-r--. qemu qemu system_u:object_r:svirt_image_t:s0:c273,c627 /dev/bus/usb/003/002
+ Cleanup

Version-Release number of selected component (if applicable):


How reproducible:
100%

Steps to Reproduce:
1. use the attached reproducer
  
Actual results:
usb device has owner/selinux label set to virtual machine

Expected results:
usb device has owner/selinux label set to host machine

Additional info:
Please note that if I do only virsh-destroy the device is transtitioned back
Comment 2 Osier Yang 2011-11-09 03:18:32 UTC 
This might be DUPLICATE with https://bugzilla.redhat.com/show_bug.cgi?id=730930, as "managed" is just meaningless for USB device currently, it's supported in XML,
but no codes for it actually.
Comment 4 Alex Jia 2011-11-11 09:22:22 UTC 
There are 2 issues in here:
1. As Osier said, need "managed" mode support for host usb device,
otherwise, can't return this USB to host with managed='yes' after 
shutting down guest.

2. The other is libvirt need to do some clean up work and should 
make sure the detached USB device with original permission and 
selinux context if libvirt has ever modified them.

Of course, also merge the above 2 into 1 as a RFE such as bug 730930.
Comment 5 Michal Privoznik 2011-12-16 15:22:05 UTC 
commit 13d5a6b83d5252ce323889022e142e797a96d89c
Author:     Michal Privoznik <mprivozn>
AuthorDate: Thu Dec 15 17:51:56 2011 +0100
Commit:     Michal Privoznik <mprivozn>
CommitDate: Fri Dec 16 11:53:03 2011 +0100

    qemu: Don't drop hostdev config until security label restore
    
    Currently, on device detach, we parse given XML, find the device
    in domain object, free it and try to restore security labels.
    However, in some cases (e.g. usb hostdev) parsed XML contains
    less information than freed device. In usb case it is bus & device
    IDs. These are needed during label restoring as a symlink into
    /dev/bus is generated from them. Therefore don't drop device
    configuration until security labels are restored.

v0.9.8-56-g13d5a6b
Comment 7 weizhang 2012-01-10 08:17:53 UTC 
verify pass on
libvirt-0.9.9-1.el6.x86_64
kernel-2.6.32-225.el6.x86_64
qemu-kvm-0.12.1.2-2.213.el6.x86_64


#ls -Z /dev/bus/usb/002/003
crw-rw-r--. root root system_u:object_r:usb_device_t:s0 /dev/bus/usb/002/003

# virsh attach-device kvm-rhel6u2-x86_64-new usb.xml 
Device attached successfully

# ls -Z /dev/bus/usb/002/003
crw-rw-r--. qemu qemu system_u:object_r:svirt_image_t:s0:c98,c194 /dev/bus/usb/002/003

# virsh detach-device kvm-rhel6u2-x86_64-new usb.xml
Device detached successfully

# virsh destroy kvm-rhel6u2-x86_64-new
Domain kvm-rhel6u2-x86_64-new destroyed

# ls -Z /dev/bus/usb/002/003
crw-rw-r--. root root system_u:object_r:usb_device_t:s0 /dev/bus/usb/002/003
Comment 9 errata-xmlrpc 2012-06-20 06:36:17 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2012-0748.html