Bug 825068
| Summary: | Start a guest with assigned usb device which is used by another guest will reset the label | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | weizhang <weizhan> | ||||
| Component: | libvirt | Assignee: | Michal Privoznik <mprivozn> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Virtualization Bugs <virt-bugs> | ||||
| Severity: | low | Docs Contact: | |||||
| Priority: | low | ||||||
| Version: | 6.3 | CC: | acathrow, ajia, dallan, dyasny, dyuan, mprivozn, mzhan, rwu, veillard | ||||
| Target Milestone: | rc | ||||||
| Target Release: | --- | ||||||
| Hardware: | x86_64 | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | libvirt-0.9.13-3.el6 | Doc Type: | Bug Fix | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2013-02-21 07:15:25 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
Moving to POST:
commit 86032b2276ace5a7977aad2bbae73b4c33e31914
Author: Michal Privoznik <mprivozn>
AuthorDate: Mon Jun 11 15:57:19 2012 +0200
Commit: Michal Privoznik <mprivozn>
CommitDate: Tue Jun 12 11:14:38 2012 +0200
qemu: Don't overwrite security labels
Currently, if qemuProcessStart fail at some point, e.g. because
domain being started wants a PCI/USB device already assigned to
a different domain, we jump to cleanup label where qemuProcessStop
is performed. This unconditionally calls virSecurityManagerRestoreAllLabel
which is wrong because the other domain is still using those devices.
However, once we successfully label all devices/paths in
qemuProcessStart() from that point on, we have to perform a rollback
on failure - that is - we have to virSecurityManagerRestoreAllLabel.
commit 69dd77149cacc6b12740bd70b729b6cb7506f4e0
Author: Michal Privoznik <mprivozn>
AuthorDate: Mon Jun 11 15:20:44 2012 +0200
Commit: Michal Privoznik <mprivozn>
CommitDate: Tue Jun 12 09:57:02 2012 +0200
qemuProcessStop: Switch to flags
Currently, we are passing only one boolean (migrated) so there is
no real profit in this. But it creates starting position for
next patch.
v0.9.12-180-g86032b2
v0.9.12-179-g69dd771
I can reproduce this issue on libvirt-0.9.10-21.el6.x86_64 with qemu-img-rhev-0.12.1.2-2.295.el6.x86_64, and it's fine on libvirt-0.9.13-3.el6.x86_64 with qemu-img-rhev-0.12.1.2-2.295.el6.x86_64, so move the bug to VERIFIED status. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2013-0276.html |
Created attachment 586744 [details] log for starting 2 guest with assigned same usb Description of problem: When start the guest with assigned usb device which is used by other guest will cause the label of use changed back to system_u:object_r:usb_device_t:s0 Version-Release number of selected component (if applicable): kernel-2.6.32-269.el6.x86_64 qemu-kvm-0.12.1.2-2.292.el6.x86_64 libvirt-0.9.10-21.el6.x86_64 How reproducible: 100% Steps to Reproduce: 1. Start a guest with assigned usb device, check the label of usb # cat usb.xml <hostdev mode='subsystem' type='usb' managed='yes'> <source> <address bus='2' device='7'/> </source> </hostdev> # virsh attach-device kvm-rhel6u3-x86_64 usb.xml --persistent # virsh start kvm-rhel6u3-x86_64 Domain kvm-rhel6u3-x86_64 started # ll /dev/bus/usb/002/ -Z crw-rw-r--. root root system_u:object_r:usb_device_t:s0 001 crw-rw-r--. qemu qemu system_u:object_r:svirt_image_t:s0:c402,c919 007 2. Start second guest with assigned same usb device, check the label of usb # virsh attach-device kvm-rhel6u3-i386 usb.xml --persistent # virsh start kvm-rhel6u3-i386 error: Failed to start domain kvm-rhel6u3-i386 error: Requested operation is not valid: USB device 002:007 is in use by domain kvm-rhel6u3-x86_64 # ll /dev/bus/usb/002/ -Z crw-rw-r--. root root system_u:object_r:usb_device_t:s0 001 crw-rw-r--. root root system_u:object_r:usb_device_t:s0 007 Actual results: The label changed back to system_u:object_r:usb_device_t:s0 Expected results: The label should keep after first guest started Additional info: