RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1026706 - Application-consistent online backup (qemu-ga freeze/thaw hooks for linux guests)
Summary: Application-consistent online backup (qemu-ga freeze/thaw hooks for linux gue...
Keywords:
Status: CLOSED WORKSFORME
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: selinux-policy
Version: 6.5
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: rc
: ---
Assignee: Miroslav Grepl
QA Contact: BaseOS QE Security Team
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-11-05 09:41 UTC by Sibiao Luo
Modified: 2013-11-05 10:11 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-11-05 10:11:39 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Sibiao Luo 2013-11-05 09:41:37 UTC 
Description of problem:
when we do bug-reverification for bug 911569 that it fail in the latest qemu-kvm & selinux.

Version-Release number of selected component (if applicable):
host info:
2.6.32-429.el6.x86_64
qemu-kvm-0.12.1.2-2.415.el6.x86_64
guest info:
qemu-guest-agent-0.12.1.2-2.415.el6.x86_64
selinux-policy-3.7.19-231.el6.noarch
selinux-policy-targeted-3.7.19-231.el6.noarch

How reproducible:
100%

Steps to Reproduce:
1.Start guest with virtio serial.
e.g:# /usr/libexec/qemu-kvm -S -M rhel6.5.0 ... -chardev socket,path=/tmp/qga.sock,server,nowait,id=qga0 -device virtio-serial -device virtserialport,chardev=qga0,name=org.qemu.guest_agent.0
2.install qemu-guest agent package in guest.
3.set FSFREEZE_HOOK_ENABLE=1 for /etc/sysconfig/qemu-ga in guest.
4.added a simple user script in guest.
# cat /usr/libexec/qemu-ga/fsfreeze-hook.d/sample.sh
#!/bin/bash
echo "$0:" "$@"
5.# chmod 777 usr/libexec/qemu-ga/fsfreeze-hook.d/sample.sh
6.Reboot guest to make the configuration effect.
7.Start guest agent with fsfreeze hook enabled inside guest.
# qemu-ga -F on
8.Connect the chardev socket in host side for sending commands to guest.
# nc -U /tmp/qga.sock readline
{"execute":"guest-fsfreeze-freeze" }
{"execute":"guest-fsfreeze-thaw"}

Actual results:
no matter selinux is Enforcing or Permissive, the "guest-fsfreeze-freeze" can run correctly.
# nc -U /tmp/qga.sock readline
{"execute":"guest-fsfreeze-thaw"}
{"return": 2}
{"execute":"guest-fsfreeze-thaw"}
{"return": 2}

Expected results:
after step 8, test it with SELINUX = Enforcing|Permissive status.
- I.SELINUX = Enforcing:
# getenforce 
Enforcing
{"execute":"guest-fsfreeze-status"}
{"return": "thawed"}
{"execute":"guest-fsfreeze-freeze" }
{"error": {"class": "GenericError", "desc": "can't access fsfreeze hook '/usr/libexec/qemu-ga/fsfreeze-hook': Permission denied", "data": {"message": "can't access fsfreeze hook '/usr/libexec/qemu-ga/fsfreeze-hook': Permission denied"}}}
- II.SELINUX = Permissive
# setenforce 0
# getenforce 
Permissive
{"execute":"guest-fsfreeze-status"}
{"return": "thawed"}
{"execute":"guest-fsfreeze-freeze" }
{"return": 2}
{"execute":"guest-fsfreeze-status"}
{"return": "frozen"}
{"execute":"guest-fsfreeze-thaw"}
{"return": 2}
{"execute":"guest-fsfreeze-status"}
{"return": "thawed"}

Additional info:
Comment 1 Sibiao Luo 2013-11-05 09:49:28 UTC 
We did bug verified in bug 911569#c17 with qemu-kvm-0.12.1.2-2.370.el6.x86_64&qemu-guest-agent-0.12.1.2-2.370.el6.x86_64&selinux-policy-3.7.19-200.el6.noarch.
but when i donwload to qemu-kvm-0.12.1.2-2.370.el6.x86_64&qemu-guest-agent-0.12.1.2-2.370.el6.x86_64&selinux-policy-3.7.19-207.el6.noarch still hit this issue, so this is selinux-policy regression bug.
Comment 2 Sibiao Luo 2013-11-05 10:11:39 UTC 
(In reply to Sibiao Luo from comment #1)
> We did bug verified in bug 911569#c17 with
> qemu-kvm-0.12.1.2-2.370.el6.x86_64&qemu-guest-agent-0.12.1.2-2.370.el6.
> x86_64&selinux-policy-3.7.19-200.el6.noarch.
> but when i donwload to
> qemu-kvm-0.12.1.2-2.370.el6.x86_64&qemu-guest-agent-0.12.1.2-2.370.el6.
> x86_64&selinux-policy-3.7.19-207.el6.noarch still hit this issue, so this is
> selinux-policy regression bug.

Just talked with lersek in IRC that in build 201 mgrepl implemented changes that prevent you from reproducing the bug. in order to reproduce the bug, use 200 or earlier and to verify the fix, use 218 or later. 
So i close this bug to WORKSFORME and will do re-verify the bug 911569 with selinux-218.

Best Regards,
sluo
Note You need to log in before you can comment on or make changes to this bug.