Bug 997818
| Summary: | [LXC] crash of libvirtd with 'none' type security label | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Alex Jia <ajia> |
| Component: | libvirt | Assignee: | Michal Privoznik <mprivozn> |
| Status: | CLOSED ERRATA | QA Contact: | Virtualization Bugs <virt-bugs> |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | 6.6 | CC: | acathrow, cwei, dyuan, lsu, weizhan |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | libvirt-0.10.2-23.el6 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2013-11-21 09:08:46 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Fixed upstream:
commit ba44dd2453d486e9eb8c6204f8d7c31d07007d8f
Author: Michal Privoznik <mprivozn>
AuthorDate: Mon Jul 15 15:50:29 2013 +0200
Commit: Michal Privoznik <mprivozn>
CommitDate: Wed Jul 17 12:36:47 2013 +0200
virSecurityManagerGenLabel: Skip seclabels without model
While generating seclabels, we check the seclabel stack if required
driver is in the stack. If not, an error is returned. However, it is
possible for a seclabel to not have any model set (happens with LXC
domains that have just <seclabel type='none'>). If that's the case,
we should just skip the iteration instead of calling STREQ(NULL, ...)
and SIGSEGV-ing subsequently.
Backported:
http://post-office.corp.redhat.com/archives/rhvirt-patches/2013-August/msg01142.html
Hence moving to POST.
Verified this one with libvirt-0.10.2-23.el6.x86_64 kernel-2.6.32-358.20.1.el6.x86_64 1.Reproduced with libvirt -22 version 2.Because of Bug 984597 , i used 6.4.z's kernel 3.Because of Bug 904951 , the lxc start too slow if setenforce 1. Same steps with comment 0 , libvirtd not crashed and no error log in libvirtd.log with the latest build , so set VERIFIED Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-1581.html |
Description of problem: If manually edit LXC guest XML with line <seclabel type='none'/> and without security model, the libvirtd will crash when to start the LXC guest. Version-Release number of selected component (if applicable): # rpm -q libvirt kernel libvirt-0.10.2-21.el6.x86_64 kernel-2.6.32-288.el6.x86_64 How reproducible: always Steps to Reproduce: 1. virsh edit "<seclabel type='none'/>" line into LXC guest XML and save configuration 2. virsh start <domain> Actual results: error: Failed to start domain toy error: End of file while reading data: Input/output error Expected results: no crash Additional info: # virsh -c lxc:/// dumpxml toy <domain type='lxc'> <name>toy</name> <uuid>bb428983-cb9f-4702-0f8d-7d4e143d9aad</uuid> <memory unit='KiB'>500000</memory> <currentMemory unit='KiB'>500000</currentMemory> <vcpu placement='static'>4</vcpu> <os> <type arch='x86_64'>exe</type> <init>/bin/sh</init> </os> <clock offset='utc'/> <on_poweroff>destroy</on_poweroff> <on_reboot>restart</on_reboot> <on_crash>destroy</on_crash> <devices> <emulator>/usr/libexec/libvirt_lxc</emulator> <filesystem type='mount' accessmode='passthrough'> <source dir='/'/> <target dir='/'/> </filesystem> <console type='pty'> <target type='lxc' port='0'/> </console> </devices> <seclabel type='none'/> </domain> # virsh -c lxc:/// start toy error: Failed to start domain toy error: End of file while reading data: Input/output error # service libvirtd status libvirtd dead but pid file exists Notes, it's okay for QEMU driver, the "model='selinux'" will be automatically append into line "<seclabel type='none'/>", so we probably need to add security driver for label selinux with LXC driver. In addition, operation virDomainCreate forbidden for read only access, but not sure whether other callers also use 'virSecurityManagerGenLabel' via a read-only client then crash libvirtd. GDB backtrace: Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7f638599b700 (LWP 24630)] __strcmp_ssse3 () at ../sysdeps/x86_64/strcmp.S:2112 2112 movdqa (%rdi), %xmm2 (gdb) bt #0 __strcmp_ssse3 () at ../sysdeps/x86_64/strcmp.S:2112 #1 0x0000003655d99299 in virSecurityManagerGenLabel (mgr=<value optimized out>, vm=0x7f637c2f7280) at security/security_manager.c:337 #2 0x00000000004d210d in virLXCProcessStart (conn=0x7f636c000ae0, driver=0x7f637c22e280, vm=0x7f637c2bfcb0, autoDestroy=false, reason=VIR_DOMAIN_RUNNING_BOOTED) at lxc/lxc_process.c:996 #3 0x00000000004cd4ed in lxcDomainStartWithFlags (dom=0x7f6364000900, flags=0) at lxc/lxc_driver.c:1007 #4 0x0000003655cf56f0 in virDomainCreate (domain=0x7f6364000900) at libvirt.c:8319 #5 0x0000000000440212 in remoteDispatchDomainCreate (server=<value optimized out>, client=<value optimized out>, msg=<value optimized out>, rerr=0x7f638599ab80, args=<value optimized out>, ret=<value optimized out>) at remote_dispatch.h:1066 #6 remoteDispatchDomainCreateHelper (server=<value optimized out>, client=<value optimized out>, msg=<value optimized out>, rerr=0x7f638599ab80, args=<value optimized out>, ret=<value optimized out>) at remote_dispatch.h:1044 #7 0x0000003655d401e2 in virNetServerProgramDispatchCall (prog=0xcff940, server=0xcf6ef0, client=0xcfdc90, msg=0xcfc4b0) at rpc/virnetserverprogram.c:431 #8 virNetServerProgramDispatch (prog=0xcff940, server=0xcf6ef0, client=0xcfdc90, msg=0xcfc4b0) at rpc/virnetserverprogram.c:304 #9 0x0000003655d414ce in virNetServerProcessMsg (srv=<value optimized out>, client=0xcfdc90, prog=<value optimized out>, msg=0xcfc4b0) at rpc/virnetserver.c:170 #10 0x0000003655d41b6c in virNetServerHandleJob (jobOpaque=<value optimized out>, opaque=0xcf6ef0) at rpc/virnetserver.c:191 #11 0x0000003655c63e9c in virThreadPoolWorker (opaque=<value optimized out>) at util/threadpool.c:144 #12 0x0000003655c63789 in virThreadHelper (data=<value optimized out>) at util/threads-pthread.c:161 #13 0x00000038baa077f1 in start_thread (arg=0x7f638599b700) at pthread_create.c:301 #14 0x00000033f68e570d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115