Bug 881585

Summary: qemu-ga: guest-suspend-ram fails when using pm-utils
Product: Red Hat Enterprise Linux 6 Reporter: langfang <flang>
Component: selinux-policyAssignee: Miroslav Grepl <mgrepl>
Status: CLOSED INSUFFICIENT_DATA QA Contact: Milos Malik <mmalik>
Severity: low Docs Contact:
Priority: unspecified    
Version: 6.4CC: bsarathy, chayang, dwalsh, dyuan, eparis, flang, jiahu, juzhang, lcapitulino, lvrabec, marcandre.lureau, mkenneth, mmalik, qzhang, rbalakri, sluo, virt-maint, xfu, xigao, zhwang
Target Milestone: rcKeywords: Reopened
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-02-25 12:33:51 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 912287    

Description langfang 2012-11-29 07:15:15 UTC 
Description of problem:
 qemu-ga show error "UndefinedError" when do S3/S4 successfully

Version-Release number of selected component (if applicable):
host:
# uname -r
2.6.32-338.el6.x86_64
# rpm -q qemu-kvm
qemu-kvm-0.12.1.2-2.337.el6.x86_64
guest:
qemu-guest-agent-0.12.1.2-2.337.el6.x86_64

How reproducible:
100%

Steps to Reproduce:
1.boot guest  with virtio serial
....-chardev socket,path=/tmp/qga.sock,server,nowait,id=qga0 -device  virtio-serial -device virtserialport,chardev=qga0,name=org.qemu.guest_agent.0  -global PIIX4_PM.disable_s3=0 -global PIIX4_PM.disable_s4=0...

2.Inside guest: #service qemu-ga start

3. On host:
# nc -U /tmp/qga.sock
{"execute":"guest-suspend-"}
{"error": {"class": "CommandNotFound", "desc": "The command guest-suspend- has not been found", "data": {"name": "guest-suspend-"}}}
{"execute":"guest-suspend-hybrid"}
{"error": {"class": "Unsupported", "desc": "this feature or command is not currently supported", "data": {}}}
{"execute":"guest-suspend-ram"}--->do S3,then press any key to resume guest,show as following error
{"error": {"class": "UndefinedError", "desc": "An undefined error has ocurred", "data": {}}}
{"execute":"guest-suspend-disk"}--->do S4

4.boot guest with same CLI

on host:
# nc -U /tmp/qga.sock
{"error": {"class": "UndefinedError", "desc": "An undefined error has ocurred", "data": {}}}-->when S4 resume,show error


Actual results:

when do S3/S4 successfully,show error info 

Expected results:

not show error info

Additional info:
Comment 2 langfang 2012-11-29 07:43:21 UTC 
addinfo:

Simplify this bug  problem is after do S3/S4 successfully--->then resume S3/S4 --->qemu-qa will show error info:

{"error": {"class": "UndefinedError", "desc": "An undefined error has ocurred", "data": {}}}
Comment 3 Luiz Capitulino 2012-11-29 12:33:42 UTC 
Are you sure suspend worked? You could try to things:

1. Send a guest-ping command right after the guest suspended. If you got a response then suspend probably failed

2. Try it manually with "echo mem > /sys/power/state" and see if it works
Comment 4 langfang 2012-12-03 11:11:35 UTC 
Hi Luiz

I tried test on the latest version more than 50 times .Can not hit this problem anymore.

version:

Host
#uname -r
2.6.32-344.el6.x86_64
# rpm -q qemu-kvm
qemu-kvm-0.12.1.2-2.337.el6.x86_64

Guest:
qemu-guest-agent-0.12.1.2-2.337.el6.x86_64


Steps as same as Description

Results:
After  S3/S4--->Resume sucessfully--->Not show error info


So ,i closed this bug as can not reproduce .

Addinfo:

/usr/libexec/qemu-kvm -M rhel6.4.0 -cpu Opteron_G3 -enable-kvm -uuid `uuidgen` -rtc base=localtime,clock=host,driftfix=slew -m 2G -smp 4,sockets=2,cores=2,threads=1 -name rhel6.3.z -drive file=/home/rhel6.4-latest.raw,if=none,id=drive-virtio-disk0,format=raw,cache=none,aio=native,media=disk,werror=stop,rerror=stop -device virtio-scsi-pci,id=bus1,addr=0x3 -device scsi-hd,bus=bus1.0,drive=drive-virtio-disk0,id=virtio-scsi-pci0 -boot c -usb -device usb-tablet,id=input1,bus=usb.0 -vnc :12 -netdev tap,id=hostnet0,vhost=on,script=/etc/qemu-ifup -device virtio-net-pci,netdev=hostnet0,id=net0,mac=44:37:E6:97:58:88,addr=0x4 -serial unix:/tmp/tty0,server,nowait -device virtio-balloon-pci,bus=pci.0,id=balloon0,addr=0x5 -qmp tcp:0:4444,server,nowait -monitor stdio  -chardev socket,path=/tmp/qga.sock,server,nowait,id=qga0 -device  virtio-serial -device virtserialport,chardev=qga0,name=org.qemu.guest_agent.0  -global PIIX4_PM.disable_s3=0 -global PIIX4_PM.disable_s4=0 -drive file=/home/RHEL6.3-20120613.2-Server-x86_64-DVD1.iso,if=none,media=cdrom,id=drive-ide0-1-0,readonly=on,format=raw -device ide-drive,bus=ide.1,unit=0,drive=drive-ide0-1-0,id=ide0-1-0
Comment 5 Qunfang Zhang 2013-01-16 06:05:19 UTC 
Reopen this bug as I can reproduce this bug nearly 100%.  Start qemu-ga service and then send "guest-suspend-ram"/"guest-suspend-disk" commands, instead start "qemu-ga -m *** -p ***" command manually, will be easily reproduce the bug.

Guest agent version:
qemu-guest-agent-0.12.1.2-2.351.el6.i686

Host:
kernel-2.6.32-355.el6.x86_64
qemu-kvm-0.12.1.2-2.351.el6.x86_64
Comment 6 Qunfang Zhang 2013-01-16 06:11:39 UTC 
(In reply to comment #3)
> Are you sure suspend worked? You could try to things:
> 
> 1. Send a guest-ping command right after the guest suspended. If you got a
> response then suspend probably failed

Hi, Luiz
As I'm running a round of qemu-ga function with latest selinux-policy, so update the bz and re-assign the bug as problem still exists.

The suspend indeed works after send "guest-suspend-ram" command. If I send a "guest-ping" right after the guest suspended, cannot get a response unless the guest is resumed.

{ "execute": "guest-suspend-ram"}
{"execute":"guest-ping"}
{"error": {"class": "UndefinedError", "desc": "An undefined error has ocurred", "data": {}}}
{"return": {}}

 
> 
> 2. Try it manually with "echo mem > /sys/power/state" and see if it works.
Yup, manually suspending guest to mem or sending qemu-ga command, both methods make s3 work.
Comment 7 Qunfang Zhang 2013-01-16 06:14:16 UTC 
(In reply to comment #6)
> (In reply to comment #3)
> > Are you sure suspend worked? You could try to things:
> > 
> > 1. Send a guest-ping command right after the guest suspended. If you got a
> > response then suspend probably failed
> 
> Hi, Luiz
> As I'm running a round of qemu-ga function with latest selinux-policy, so
> update the bz and re-assign the bug as problem still exists.
> 
> The suspend indeed works after send "guest-suspend-ram" command. If I send a
> "guest-ping" right after the guest suspended, cannot get a response unless
> the guest is resumed.
> 
> { "execute": "guest-suspend-ram"}
> {"execute":"guest-ping"}
The following messages pops up after I resume guest.
> {"error": {"class": "UndefinedError", "desc": "An undefined error has
> ocurred", "data": {}}}
> {"return": {}}
> 
>  
> > 
> > 2. Try it manually with "echo mem > /sys/power/state" and see if it works.
> Yup, manually suspending guest to mem or sending qemu-ga command, both
> methods make s3 work.
Comment 8 Luiz Capitulino 2013-01-16 11:57:23 UTC 
Qunfang, can you please repeat how you're reproducing this and how many tries you need?
Comment 9 Luiz Capitulino 2013-01-16 19:27:40 UTC 
And, please, provide the versions (qemu, guest kernel, etc) you're currently using.
Comment 10 Qunfang Zhang 2013-01-17 03:05:36 UTC 
Hi, Luiz
I can reproduce it 100% now with qemu-ga service started. But if I manually start qemu-ga command with "-m" and "-p" parameters, can not reproduce.

Steps:
1. Boot guest with virtio serial or isa-serial
# /usr/libexec/qemu-kvm  ....... -chardev socket,path=/tmp/isa-serial,server,nowait,id=isa1 -device isa-serial,chardev=isa1,id=isa-serial1  -device virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x8  -chardev socket,path=/tmp/qga.sock,server,nowait,id=qga0 -device virtserialport,bus=virtio-serial0.0,chardev=qga0,name=org.qemu.guest_agent.0 -global  PIIX4_PM.disable_s3=0 -global PIIX4_PM.disable_s4=0

2. Install qemu-guest-agent inside guest.

3. Start qemu-ga service
#service qemu-ga start

4. Connect the chardev from host.
#nc -U /tmp/qga.sock

5. Send commands from host side to guest.
#nc -U /tmp/qga.sock
{ "execute": "guest-suspend-ram"}

6. After guest suspend, resume it by clicking mouse/keyboard.

7. Watch the nc connection on host side.

{ "execute": "guest-suspend-ram"}
(After resume guest, prompt the following message:) 
{"error": {"class": "UndefinedError", "desc": "An undefined error has ocurred", "data": {}}}

Host version:
kernel-2.6.32-355.el6.x86_64
qemu-kvm-0.12.1.2-2.351.el6.x86_64
seabios-0.6.1.2-26.el6.x86_64

Guest version:
kernel-2.6.32-353.el6.x86_64
qemu-guest-agent-0.12.1.2-2.351.el6.x86_64
selinux-policy-3.7.19-193.el6.noarch

Thanks,
Qunfang
Comment 12 Luiz Capitulino 2013-01-17 19:00:43 UTC 
I don't think this is a blocker issue, let's move to 6.5 then.
Comment 19 Luiz Capitulino 2013-01-23 12:43:32 UTC 
This bug is a mystery to me, I have to manage to reproduce it to be able to understand what's happening.

Luckily though there's a workaround. If you're facing this bug, just remove the pm-utils package and things should work.
Comment 31 Qunfang Zhang 2013-01-31 02:59:45 UTC 
Update the test results here requested by Luiz via mail.

==================

[Luiz] 1. Reproduce the bug and see it failing

[qzhang]
Hi, Luiz
I re-test with rhel6.4-64 (snapshot 5 OS) on rhel6.4 snapshot 5 host, still reproduce.
Packages:
kernel-2.6.32-356.el6.x86_64 (both host and guest)
qemu-kvm-0.12.1.2-2.355.el6.x86_64 (host)
qemu-guest-agent-0.12.1.2-2.355.el6.x86_64 (guest)

Result:
With SELINUX enabled by default, qemu-ga still report the following error after send "guest-suspend-ram" command.

{"error": {"class": "UndefinedError", "desc": "An undefined error has ocurred", "data": {}}}


[Luiz] 2. Set SELinux to permissive mode:

  # setenforce 0

[qzhang]
I re-test for the item 2, after set SELINUX to permissive mode, does not hit the error in the item 1.

[Luiz] 3. Try to reproduce again

[Luiz] 4. If suspend works, provide the output of:

  # ausearch -m avc -ts recent

[qzhang]:
(1) SELINUX is enforcing mode:
[root@localhost ~]#  ausearch -m avc -ts recent
----
time->Thu Jan 31 18:44:26 2013
type=SYSCALL msg=audit(1359629066.275:16): arch=c000003e syscall=2 success=no exit=-13 a0=9a1010 a1=241 a2=1b6 a3=0 items=0 ppid=3623 pid=3628 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="sysctl" exe="/sbin/sysctl" subj=unconfined_u:system_r:virt_qemu_ga_t:s0 key=(null)
type=AVC msg=audit(1359629066.275:16): avc:  denied  { write } for  pid=3628 comm="sysctl" scontext=unconfined_u:system_r:virt_qemu_ga_t:s0 tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=file

(2) SELINUX is permissive mode:

----
time->Thu Jan 31 18:45:41 2013
type=SYSCALL msg=audit(1359629141.699:34): arch=c000003e syscall=2 success=yes exit=5 a0=2336010 a1=241 a2=1b6 a3=0 items=0 ppid=3965 pid=3970 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="sysctl" exe="/sbin/sysctl" subj=unconfined_u:system_r:virt_qemu_ga_t:s0 key=(null)
type=AVC msg=audit(1359629141.699:34): avc:  denied  { write } for  pid=3970 comm="sysctl" scontext=unconfined_u:system_r:virt_qemu_ga_t:s0 tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=file
----
Comment 32 Luiz Capitulino 2013-01-31 11:49:37 UTC 
Thank you very much Qunfang.

Miroslav, one more issue that seems to be related to qemu-ga's SELinux policy (bug 839831).

What's happening here is that, the guest-suspend-ram command will execute the pm-suspend script, which fails and returns 1. It's necessary to have pm-utils installed to trigger this, otherwise qemu-ga will suspend by writing to /sys/power/state directly (which works).

BTW 1: Qunfang, I'm assuming you have latest selinux-policy package installed

BTW 2: I can't reproduce this, not sure why
Comment 34 Miroslav Grepl 2013-02-01 06:35:41 UTC 
Ok, so if I understand correctly, this happens without installed pm-utils.
Comment 35 Qunfang Zhang 2013-02-01 06:39:28 UTC 
(In reply to comment #34)
> Ok, so if I understand correctly, this happens without installed pm-utils.

Hi, Miroslav
Should be happened with pm-utils installed if you means the situation when trigger the bug. :)
Comment 36 Luiz Capitulino 2013-02-01 12:11:14 UTC 
Yes, pm-utils is needed to trigger the issue.

When guest-suspend-ram runs, it will search for pm-utils scripts. If they're found, then guest-suspend-ram executes them (namely pm-is-supported and pm-suspend). If the scripts are not found, then guest-suspend-ram tries to suspend manually by writing to /sys/power/state.

This bug happens when executing pm-suspend (which fails with exit status 1), so you need pm-utils installed to trigger this.

It's also important to observe that, before executing pm-suspend qemu-ga executes pm-is-supported, which works fine.
Comment 39 Miroslav Grepl 2013-08-06 12:58:40 UTC 
How does this bug look with the latest RHEL6.5 builds?
Comment 40 Miroslav Grepl 2013-10-30 09:43:58 UTC 
More fixes have been added during RHEL6.5 cycle related to qemu-ga and this bug should be fixed. If no, please re-open the bug and it will be addressed in RHEL6.6.
Comment 41 langfang 2013-11-08 08:19:56 UTC 
Hit the similar problem when test on rhel6.5 build .So i reopen this bug .

Version:
Host
# uname -r
2.6.32-430.el6.x86_64
# rpm -q qemu-kvm
qemu-kvm-0.12.1.2-2.415.el6.x86_64

Guest:
2.6.32-428.el6.x86_64
pm-utils-1.2.5-10.el6.x86_64.rpm
qemu-guest-agent-0.12.1.2-2.415.el6.x86_64

Steps:
1.Boot guest with 

-chardev socket,path=/tmp/qga.sock,server,nowait,id=qga0 -device  virtio-serial -device virtserialport,chardev=qga0,name=org.qemu.guest_agent.0

2.After guest boot up 

#service qemu-ga start

3.On host:
[root@dhcp-4-222 qemu-415]# nc -U /tmp/qga.sock
{"execute":"guest-suspend-ram"}
{"error": {"class": "GenericError", "desc": "child process has failed to suspend", "data": {"message": "child process has failed to suspend"}}}
{"execute":"guest-suspend-ram"}
{"error": {"class": "GenericError", "desc": "child process has failed to suspend", "data": {"message": "child process has failed to suspend"}}}

4.Tried remove the pm-utils package in guest 
#rpm -e pm-utils-1.2.5-10.el6.x86_64

5.Tried  S3
...
{"execute":"guest-suspend-ram"}--->not show any error info
{"execute":"guest-suspend-ram"}--->not show any error info
...

Addtional info:

Not tried S4,because there is a bug :

Bug 996038 - it takes 8~30 minutes or more to resume rhel guest from S4 

MY CLI:
/usr/libexec/qemu-kvm  -M rhel6.5.0 -enable-kvm -m 4096 -smp 2,cores=1,threads=1 -name rhel6.5 -uuid `uuidgen` -nodefconfig -nodefaults -monitor stdio -rtc base=utc  -device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2  -device virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x7 -drive file=/home/rhel6.5-64.qcow2,if=none,id=drive-virtio-disk0,format=qcow2,cache=none -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x5,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=1 -device usb-tablet,id=input0 -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x6 -netdev tap,id=hostnet0,script=/etc/qemu-ifup -device virtio-net-pci,netdev=hostnet0,mac=00:10:20:2d:31:21,bus=pci.0,addr=0x8,id=net0 -vnc  :10 -vga std -global PIIX4_PM.disable_s3=0 -global PIIX4_PM.disable_s4=0 -chardev socket,path=/tmp/qga.sock,server,nowait,id=qga0 -device  virtio-serial -device virtserialport,chardev=qga0,name=org.qemu.guest_agent.0
Comment 42 langfang 2013-11-08 09:08:22 UTC 
Addtional info:

the selinux-policy version in guest:

selinux-policy-3.7.19-231.el6
Comment 43 Miroslav Grepl 2013-11-11 13:16:31 UTC 
I am lost in this bug. What is wrong?
Comment 44 RHEL Program Management 2013-11-15 09:06:49 UTC 
This request was not resolved in time for the current release.
Red Hat invites you to ask your support representative to
propose this request, if still desired, for consideration in
the next release of Red Hat Enterprise Linux.
Comment 46 langfang 2014-08-20 12:29:28 UTC 
Hi Lukas
   Sorry,just see your needinfo today,what can i do for you?

best regards

fang lang
Comment 47 Lukas Vrabec 2014-08-20 12:34:24 UTC 
Hi, 

Just need answer on comment43, What is wrong?

If some AVCs appears please attach them.

Thank you.
Comment 48 langfang 2014-08-25 08:18:01 UTC 
Test this bug on the latest version:
Host:
# uname -r
2.6.32-496.el6.x86_64
# rpm -q qemu-kvm-rhev
qemu-kvm-rhev-0.12.1.2-2.415.el6_5.6.x86_64
qemu-guest-agent-0.12.1.2-2.440.el6.x86_64

Guest:
2.6.32-483.el6.x86_64
# rpm -qa |grep pm-utils
pm-utils-1.2.5-10.el6.x86_64


Steps:

1.Boot guest with 
...-chardev socket,path=/tmp/qga.sock,server,nowait,id=qga0 -device virtio-serial 
-device virtserialport,chardev=qga0,name=org.qemu.guest_agent.0 -global PIIX4_PM.disable_s3=0 -global PIIX4_PM.disable_s4=0

2.Do S3

**SELINUX=enforcing(in guest)

# nc -U /tmp/qga.sock -->on host
{"execute":"guest-suspend-"}
{"error": {"class": "CommandNotFound", "desc": "The command guest-suspend- has not been found", "data": {"name": "guest-suspend-"}}}
{"execute":"guest-suspend-ram"}
{"error": {"class": "GenericError", "desc": "child process has failed to suspend", "data": {"message": "child process has failed to suspend"}}}

3.In guest
# ausearch -m avc -ts recent
----
time->Mon Aug 25 12:00:46 2014
type=SYSCALL msg=audit(1408982446.468:12): arch=c000003e syscall=21 success=no exit=-13 a0=992a40 a1=7 a2=20 a3=7ffffbb60b50 items=0 ppid=1982 pid=2004 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="gdm-session-wor" exe="/usr/libexec/gdm-session-worker" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1408982446.468:12): avc:  denied  { read } for  pid=2004 comm="gdm-session-wor" name="root" dev=dm-1 ino=524290 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:admin_home_t:s0 tclass=dir

4.Change selinux

**SELINUX=permmissive(in guest)


{"execute":"guest-suspend-ram"}--->host
--->not show any error

5.In guest

[root@dhcp-66-106-202 ~]# ausearch -m avc -ts recent
----
time->Mon Aug 25 12:00:46 2014
type=SYSCALL msg=audit(1408982446.468:12): arch=c000003e syscall=21 success=no exit=-13 a0=992a40 a1=7 a2=20 a3=7ffffbb60b50 items=0 ppid=1982 pid=2004 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="gdm-session-wor" exe="/usr/libexec/gdm-session-worker" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1408982446.468:12): avc:  denied  { read } for  pid=2004 comm="gdm-session-wor" name="root" dev=dm-1 ino=524290 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:admin_home_t:s0 tclass=dir
----
time->Mon Aug 25 12:06:06 2014
type=SYSCALL msg=audit(1408982766.344:5): arch=c000003e syscall=5 success=yes exit=0 a0=9 a1=7fff7f8990a0 a2=7fff7f8990a0 a3=1d items=0 ppid=1936 pid=1937 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="polkitd" exe="/usr/libexec/polkit-1/polkitd" subj=system_u:system_r:policykit_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1408982766.344:5): avc:  denied  { getattr } for  pid=1937 comm="polkitd" path="/root/.config/user-dirs.dirs" dev=dm-1 ino=533385 scontext=system_u:system_r:policykit_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file
----
time->Mon Aug 25 12:06:06 2014
type=SYSCALL msg=audit(1408982766.321:4): arch=c000003e syscall=2 success=yes exit=9 a0=18f0740 a1=0 a2=0 a3=1d items=0 ppid=1936 pid=1937 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="polkitd" exe="/usr/libexec/polkit-1/polkitd" subj=system_u:system_r:policykit_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1408982766.321:4): avc:  denied  { open } for  pid=1937 comm="polkitd" name="user-dirs.dirs" dev=dm-1 ino=533385 scontext=system_u:system_r:policykit_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file
type=AVC msg=audit(1408982766.321:4): avc:  denied  { read } for  pid=1937 comm="polkitd" name="user-dirs.dirs" dev=dm-1 ino=533385 scontext=system_u:system_r:policykit_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file
Comment 49 Miroslav Grepl 2014-09-17 08:24:51 UTC 
/root/.config is mislabeled. 

# restorecon -R -v /root/.config

will fix it.

Did you log in as root?