Bug 859331
| Summary: | Create new guest fail with usermode | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | yuping zhang <yupzhang> |
| Component: | libvirt | Assignee: | Martin Kletzander <mkletzan> |
| Status: | CLOSED ERRATA | QA Contact: | Virtualization Bugs <virt-bugs> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 6.4 | CC: | acathrow, dallan, dyasny, dyuan, gsun, jdenemar, mzhan, rwu, whuang, ydu, zhwang, zpeng |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | libvirt-0.10.2-4.el6 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2013-02-21 07:24:08 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Could you do:

restorecon -FvvR

after the directory gets created, check if it is cache_home_t and try if virt-manager succeeds then?

Thanks, Martin

(In reply to comment #3)
> Could you do:
>
> restorecon -FvvR
>
> after the directory gets created, check if it is cache_home_t and try if
> virt-manager succeeds then?
>
> Thanks, Martin

Hi Martin,
Virt-manager still fail, the context still is user_home_t.
If you need this environment to debug, please ping me (yuping) in libvirt channel or send email to me.
Thanks, Yuping

1 pkg
# rpm -qa kernel libvirt qemu-kvm
kernel-2.6.32-307.el6.x86_64
qemu-kvm-0.12.1.2-2.316.el6.x86_64
libvirt-0.10.2-3.el6.x86_64
2 steps
1.Create a new user and then login to it.
2# su test2
$ virsh list
error: Failed to reconnect to the hypervisor
error: no valid connection
error: Failed to connect socket to '/home/test2/.libvirt/libvirt-sock': No such file or directory
$ service libvirtd status
libvirtd (pid 29940) is running...
3 results
I can't use the virsh command in the user mode, even if the libvirtd service is running

The problem in comment 8 works well in pkg libvirt-0.10.2-0rc1.el6.x86_64, however it didn't work in the new pkg libvirt-0.10.2-3.el6.x86_64. Is it caused by the new patch or other bugs? thanks

It is, unfortunately, caused by the same patch that fixed this bug. Moving back to ASSIGNED until fixed.

pkgs
# rpm -q libvirt qemu-kvm kernel
libvirt-0.10.2-4.el6.x86_64
qemu-kvm-0.12.1.2-2.316.el6.x86_64
kernel-2.6.32-307.el6.x86_64
steps
1.Create a new user and then login to it.
2.Connect local root libvirt with qemu+ssh,then exit
$ virsh -c qemu+ssh://root.0.1/system
root.0.1's password:
Welcome to virsh, the virtualization interactive terminal.
Type: 'help' for help with commands
'quit' to quit
virsh # list
Id Name State
----------------------------------------------------
1 testfull running
virsh # exit
3.Open virt-manager or use virsh create a new guest, create a new guest. I can create guest successfully in the user mode
$ virt-manager -c qemu:///session
then install a guest in usermode
$ virsh list
Id Name State
----------------------------------------------------
1 abcd running
4 after finishing installing the guest, do follow operation
$ virsh destroy abcd
Domain abcd destroyed
$ virsh start abcd
Domain abcd started
$ virsh suspend abcd
Domain abcd suspended
$ virsh resume abcd
Domain abcd resumed
$ virsh shutdown abcd
Domain abcd is being shutdown
Since the guest can start successfully, the problem in comment 8 was solved correctly and I can also reproduce this bug in the pkg libvirt-0.10.2-0rc1.el6.x86_64, so this is fixed.

Hi,
It can still reproduce this bug with rhel6.4 snapshot5 tree.
$ virt-manager -c qemu:///session --debug
......
[Mon, 28 Jan 2013 18:49:42 virt-manager 5028] DEBUG (Storage:1252) Couldn't lookup storage volume in prog thread.
[Mon, 28 Jan 2013 18:49:43 virt-manager 5028] DEBUG (engine:426) Tick is slow, not running at requested rate.
[Mon, 28 Jan 2013 18:49:43 virt-manager 5028] DEBUG (Installer:407) Removing /home/tester/.virtinst/boot/virtinst-vmlinuz.NMXZXF
[Mon, 28 Jan 2013 18:49:43 virt-manager 5028] DEBUG (Installer:407) Removing /home/tester/.virtinst/boot/virtinst-initrd.img.CX6Q_V
[Mon, 28 Jan 2013 18:49:43 virt-manager 5028] DEBUG (error:80) dialog message: Unable to complete install: 'internal error Process exited while reading console log output: ' : Unable to complete install: 'internal error Process exited while reading console log output: '
Traceback (most recent call last):
  File "/usr/share/virt-manager/virtManager/asyncjob.py", line 44, in cb_wrapper
    callback(asyncjob, *args, **kwargs)
  File "/usr/share/virt-manager/virtManager/create.py", line 1910, in do_install
    guest.start_install(False, meter=meter)
  File "/usr/lib/python2.6/site-packages/virtinst/Guest.py", line 1223, in start_install
    noboot)
  File "/usr/lib/python2.6/site-packages/virtinst/Guest.py", line 1291, in _create_guest
    dom = self.conn.createLinux(start_xml or final_xml, 0)
  File "/usr/lib64/python2.6/site-packages/libvirt.py", line 2622, in createLinux
    if ret is None:raise libvirtError('virDomainCreateLinux() failed', conn=self)
libvirtError: internal error Process exited while reading console log output:
Before change the dir context:
$ ll -Z .libvirt/ -d
drwxr-xr-x. tester tester unconfined_u:object_r:user_home_t:s0 .libvirt/
After change it, the guest can create well:
$ ll -Z .libvirt/ -d
drwxr-xr-x. tester tester unconfined_u:object_r:virt_home_t:s0 .libvirt/
And I think it's the same problem with bug 880044, what do you think about this bug?
Thanks!

We really fixed it and it was verified properly. However new bug has appeared, this time in SELinux policy. With old versions, there was a proper transition defined that could be found with:

sesearch -T -t virtd_exec_t -s unconfined_t

But (as seen in bug 880044) with newer versions of selinux-policy(-targeted), this rule is missing, hence libvirtd which is run for the session is not transitioned into virtd_t and the directories created do not fall under other transition rule that would change the context to the proper one.

The problem that you're facing now is definitely the same as 880044, but I would treat it as a different bug. This one was dealing with the change from '.virsh' and '.libvirt' to '.cache' and '.config', which we successfully reverted (and it fixed the problem by that time), but since then, the selinux policy had changed (most probably to incorporate the mentioned change which was lately reverted) and exactly that is being dealt with in bug 880044.

I think it makes sense to keep this bug for the change from ~/.{cache,config}/libvirt to ~/.libvirt and track the additional SELinux issues with bug 880044.

Test it with libvirt-0.10.2-18.el6.x86_64
libvirt user session use ~/.libvirt not ~/.{cache,config}/libvirt
bug 880044 is still assigned so selinux context is not corrected
After fix the context, user session can create new guest.
[whuang@intel-q9400-4-1 ~]$ ll -Z /home/whuang/.{cache,config,libvirt}
ls: cannot access /home/whuang/.cache: No such file or directory
ls: cannot access /home/whuang/.config: No such file or directory
/home/whuang/.libvirt:
-rw-------. whuang qemu unconfined_u:object_r:user_home_t:s0 libvirtd.log
-rw-r--r--. whuang qemu unconfined_u:object_r:user_home_t:s0 libvirtd.pid
srwx------. whuang qemu unconfined_u:object_r:user_home_t:s0 libvirt-sock
drwxr-xr-x. whuang qemu unconfined_u:object_r:user_home_t:s0 qemu
drwxr-xr-x. whuang qemu unconfined_u:object_r:user_home_t:s0 storage
[whuang@intel-q9400-4-1 ~]$
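
The labeling check that the commenters do by eye on `ll -Z` output can be scripted. The following is an added example, not part of the bug report or of libvirt: the names `selinux_type_of_line`, `audit_listing` and `SAMPLE_LISTING` are made up here, and the default expected type `virt_home_t` is the one the report shows working.

```sh
#!/bin/sh
# Added example (not from the bug report): audit `ls -Z` output for per-user
# libvirt paths that carry the wrong SELinux type.

# Print the SELinux type on one `ls -Z` line; exit status 1 if the line has no
# context. The context is found by shape (user:role:type:level), so the column
# order of the listing does not matter.
selinux_type_of_line() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i <= NF; i++)
            if (split($i, part, ":") >= 4) { print part[3]; found = 1; exit }
    } END { exit !found }'
}

# Read `ls -Z` lines on stdin and print "name type" for each entry whose type
# is not the expected one. Default: virt_home_t, the type that let the guest
# start in this report. Returns 1 when at least one entry is mislabeled.
audit_listing() {
    expected=${1:-virt_home_t}
    mismatches=0
    while IFS= read -r line; do
        # Error messages and directory headers carry no context: skip them.
        ctx_type=$(selinux_type_of_line "$line") || continue
        if [ "$ctx_type" != "$expected" ]; then
            echo "${line##* } $ctx_type"
            mismatches=1
        fi
    done
    return "$mismatches"
}

# Sample input assembled from the listings quoted in this report.
SAMPLE_LISTING='ls: cannot access /home/whuang/.cache: No such file or directory
/home/whuang/.libvirt:
srwx------. whuang qemu unconfined_u:object_r:user_home_t:s0 libvirt-sock
drwxr-xr-x. whuang qemu unconfined_u:object_r:user_home_t:s0 qemu
drwxr-xr-x. tester tester unconfined_u:object_r:virt_home_t:s0 .libvirt/'

# Live use (assumed invocation): ls -Zd ~/.libvirt ~/.cache ~/.config | audit_listing
printf '%s\n' "$SAMPLE_LISTING" | audit_listing || echo "relabel needed"
```
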

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.
http://rhn.redhat.com/errata/RHSA-2013-0276.html

Description of problem:
Create new guest will fail with usermode as selinux context of ~/.cache and ~/.config file is user_home_t.

Version-Release number of selected component (if applicable):
libvirt-0.10.2-0rc1.el6.x86_64
qemu-kvm-0.12.1.2-2.313.el6.x86_64
kernel-2.6.32-287.el6.x86_64
libselinux-2.0.94-5.3.el6.x86_64
selinux-policy-3.7.19-154.el6.noarch

How reproducible:
always

Steps to Reproduce:
1.Create a new user and then login to it.
2.Connect local root libvirt with qemu+ssh, then exit
$ virsh -c qemu+ssh://root.0.1/system
root.0.1's password:
Welcome to virsh, the virtualization interactive terminal.
Type: 'help' for help with commands
'quit' to quit
virsh # list
Id Name State
----------------------------------------------------
2 win7_64 running
virsh # exit
3.Open virt-manager or use virsh create a new guest, create a new guest. Here I will use virt-manager
$virt-manager -c qemu:///session --debug
....
2012-09-21 16:47:11,924 (error:80): dialog message: Unable to complete install: 'internal error Timed out while reading console log output: ' : Unable to complete install: 'internal error Timed out while reading console log output: '
Traceback (most recent call last):
  File "/usr/share/virt-manager/virtManager/asyncjob.py", line 44, in cb_wrapper
    callback(asyncjob, *args, **kwargs)
  File "/usr/share/virt-manager/virtManager/create.py", line 1910, in do_install
    guest.start_install(False, meter=meter)
  File "/usr/lib/python2.6/site-packages/virtinst/Guest.py", line 1223, in start_install
    noboot)
  File "/usr/lib/python2.6/site-packages/virtinst/Guest.py", line 1291, in _create_guest
    dom = self.conn.createLinux(start_xml or final_xml, 0)
  File "/usr/lib64/python2.6/site-packages/libvirt.py", line 2606, in createLinux
    if ret is None:raise libvirtError('virDomainCreateLinux() failed', conn=self)
libvirtError: internal error Timed out while reading console log output:
4.$ ll .cache/ -Zd
drwxr-xr-x. yuping yuping unconfined_u:object_r:user_home_t:s0 .cache/
The context of .cache/ is user_home_t, if change to virt_home_t, create guest successfully

Actual results:
Create a new guest fail.

Expected results:
Create guest successfully

Additional info:
1.This is a normal scenario as qemu:///system is always set auto-connect, this issue will reproduce when non-root user login first time and open virt-manager.
2.This issue will not reproduce if non-root user login with #virt-manager -c qemu:///session first time, because the context of .cache will be set to virt_home_t.
3.And also, the .config/ file still have this problems on some machines.
4.It works well on libvirt-0.9.10-21.el6.x86_64.