Hide Forgot
Description of problem: when we do bug-reverification for bug 911569 that it fail in the latest qemu-kvm & selinux. Version-Release number of selected component (if applicable): host info: 2.6.32-429.el6.x86_64 qemu-kvm-0.12.1.2-2.415.el6.x86_64 guest info: qemu-guest-agent-0.12.1.2-2.415.el6.x86_64 selinux-policy-3.7.19-231.el6.noarch selinux-policy-targeted-3.7.19-231.el6.noarch How reproducible: 100% Steps to Reproduce: 1.Start guest with virtio serial. e.g:# /usr/libexec/qemu-kvm -S -M rhel6.5.0 ... -chardev socket,path=/tmp/qga.sock,server,nowait,id=qga0 -device virtio-serial -device virtserialport,chardev=qga0,name=org.qemu.guest_agent.0 2.install qemu-guest agent package in guest. 3.set FSFREEZE_HOOK_ENABLE=1 for /etc/sysconfig/qemu-ga in guest. 4.added a simple user script in guest. # cat /usr/libexec/qemu-ga/fsfreeze-hook.d/sample.sh #!/bin/bash echo "$0:" "$@" 5.# chmod 777 usr/libexec/qemu-ga/fsfreeze-hook.d/sample.sh 6.Reboot guest to make the configuration effect. 7.Start guest agent with fsfreeze hook enabled inside guest. # qemu-ga -F on 8.Connect the chardev socket in host side for sending commands to guest. # nc -U /tmp/qga.sock readline {"execute":"guest-fsfreeze-freeze" } {"execute":"guest-fsfreeze-thaw"} Actual results: no matter selinux is Enforcing or Permissive, the "guest-fsfreeze-freeze" can run correctly. # nc -U /tmp/qga.sock readline {"execute":"guest-fsfreeze-thaw"} {"return": 2} {"execute":"guest-fsfreeze-thaw"} {"return": 2} Expected results: after step 8, test it with SELINUX = Enforcing|Permissive status. - I.SELINUX = Enforcing: # getenforce Enforcing {"execute":"guest-fsfreeze-status"} {"return": "thawed"} {"execute":"guest-fsfreeze-freeze" } {"error": {"class": "GenericError", "desc": "can't access fsfreeze hook '/usr/libexec/qemu-ga/fsfreeze-hook': Permission denied", "data": {"message": "can't access fsfreeze hook '/usr/libexec/qemu-ga/fsfreeze-hook': Permission denied"}}} - II.SELINUX = Permissive # setenforce 0 # getenforce Permissive {"execute":"guest-fsfreeze-status"} {"return": "thawed"} {"execute":"guest-fsfreeze-freeze" } {"return": 2} {"execute":"guest-fsfreeze-status"} {"return": "frozen"} {"execute":"guest-fsfreeze-thaw"} {"return": 2} {"execute":"guest-fsfreeze-status"} {"return": "thawed"} Additional info:
We did bug verified in bug 911569#c17 with qemu-kvm-0.12.1.2-2.370.el6.x86_64&qemu-guest-agent-0.12.1.2-2.370.el6.x86_64&selinux-policy-3.7.19-200.el6.noarch. but when i donwload to qemu-kvm-0.12.1.2-2.370.el6.x86_64&qemu-guest-agent-0.12.1.2-2.370.el6.x86_64&selinux-policy-3.7.19-207.el6.noarch still hit this issue, so this is selinux-policy regression bug.
(In reply to Sibiao Luo from comment #1) > We did bug verified in bug 911569#c17 with > qemu-kvm-0.12.1.2-2.370.el6.x86_64&qemu-guest-agent-0.12.1.2-2.370.el6. > x86_64&selinux-policy-3.7.19-200.el6.noarch. > but when i donwload to > qemu-kvm-0.12.1.2-2.370.el6.x86_64&qemu-guest-agent-0.12.1.2-2.370.el6. > x86_64&selinux-policy-3.7.19-207.el6.noarch still hit this issue, so this is > selinux-policy regression bug. Just talked with lersek in IRC that in build 201 mgrepl implemented changes that prevent you from reproducing the bug. in order to reproduce the bug, use 200 or earlier and to verify the fix, use 218 or later. So i close this bug to WORKSFORME and will do re-verify the bug 911569 with selinux-218. Best Regards, sluo