Bug 1027096 - Running domain may disappear after libvirtd is restarted when selinux security driver is disabled and didn't enable the model='selinux' in guest's xml
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: libvirt
Version: 6.5
Hardware: x86_64
OS: Linux
Priority: medium
Severity: medium
Target Milestone: rc
Target Release: ---
Assignee: Michal Privoznik
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Depends On:
Blocks: 1028962
Reported: 2013-11-06 07:07 UTC by zhenfeng wang
Modified: 2016-04-26 15:01 UTC (History)

Fixed In Version: libvirt-0.10.2-33.el6
Doc Type: Bug Fix
Doc Text:
Clone Of:
Clones: 1028962
Environment:
Last Closed: 2014-10-14 04:18:14 UTC
Target Upstream Version:
Embargoed:


Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHBA-2014:1374 | 0 | normal | SHIPPED_LIVE | libvirt bug fix and enhancement update | 2014-10-14 08:11:54 UTC

Description zhenfeng wang 2013-11-06 07:07:43 UTC
Description of problem:
Running domain may disappear after libvirtd is restarted when selinux security driver is disabled and didn't enable the model='selinux' in guest's xml

Version-Release number of selected component (if applicable):
libvirt-0.10.2-29.el6.x86_64
qemu-kvm-rhev-0.12.1.2-2.415.el6.x86_64
kernel-2.6.32-425.el6.x86_64

How reproducible:
100%

Steps to Reproduce:
1. set security_driver = "none" in /etc/libvirt/qemu.conf

2. restart libvirtd service

3. start a domain which contains <seclabel type='dynamic' relabel='yes'/> in its XML configuration,
   here we didn't configure the model='selinux' in guest's xml

4. restart libvirtd

5. domain is lost

Actual results:
Running domain may disappear after libvirtd is restarted when selinux security driver is disabled and didn't enable the model='selinux' in guest's xml

Expected results:
While the seclabel element in the guest's XML didn't include model='selinux',
if SELinux allows the guest to start, the guest shouldn't disappear when the libvirtd service is restarted; if SELinux disallows the guest from starting, it should report a proper error when we start the guest

Additional info:

Comment 1 Dave Allan 2013-11-06 21:05:30 UTC
See also Bug 947387

Comment 2 Michal Privoznik 2013-11-11 10:48:54 UTC
Patch has been proposed upstream:

https://www.redhat.com/archives/libvir-list/2013-November/msg00313.html

Comment 3 Michal Privoznik 2013-11-13 06:30:31 UTC
Patch is now pushed upstream:

commit 9fb3f9571db4bd20b8287a160e9b2680f23dde45
Author:     Michal Privoznik <mprivozn>
AuthorDate: Mon Nov 11 09:58:31 2013 +0100
Commit:     Michal Privoznik <mprivozn>
CommitDate: Mon Nov 11 16:01:25 2013 +0100

    virSecurityLabelDefParseXML: Don't parse label on model='none'
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1027096
    
    If there's the following snippet in the domain XML, the domain will be
    lost upon the daemon restart (if the domain is started prior restart):
    
        <seclabel type='dynamic' relabel='yes'/>
    
    The problem is, the 'label', 'imagelabel' and 'baselabel' are parsed
    whenever the VIR_DOMAIN_XML_INACTIVE is *not* present or the label is
    static. The latter is not our case, obviously. So, when libvirtd starts
    up, it finds domain state xml and parse it. During parsing, many XML
    flags are enabled but VIR_DOMAIN_XML_INACTIVE. Hence, our parser tries
    to extract 'label', 'imagelabel' and 'baselabel' from the XML which
    fails for model='none'. Err, this model - even though not specified in
    XML - can be taken from qemu wide config file: /etc/libvirtd/qemu.conf.
    
    However, in order to know we are dealing with model='none' the code in
    question must be moved forward a bit. Then a new check must be
    introduced. This is what the first two chunks are doing.
    
    But this alone is not sufficient. The domain state XML won't contain the
    model attribute without slight modification. The model should be
    inserted into the XML even if equal to 'none' and the state XML is being
    generated - what if the origin (the @security_driver variable in
    qemu.conf) changes during libvirtd restarts?
    
    At the end, a test to catch this scenario is introduced.
    
    Signed-off-by: Michal Privoznik <mprivozn>


v1.1.4-64-g9fb3f95

However, it's unclear right now if we are gonna rebase in 6.6 or if we just backport the important patches. Therefore I'm setting the 'Upstream' keyword to reflect the fact that we already have the patch.

Comment 7 zhenfeng wang 2014-04-18 06:33:47 UTC
Verify this bug with libvirt-0.10.2-33.el6.x86_64.
Following the reproduction steps, when starting a guest which contains <seclabel type='dynamic' relabel='yes'/> in its XML configuration and restarting libvirtd, the guest is still in running status.

BTW, a warning message is produced in libvirtd.log:
2014-04-18 06:31:05.324+0000: 13597: warning : virSecurityManagerNew:148 : Configured security driver "none" disables default policy to create confined guests

Comment 8 zhenfeng wang 2014-08-27 10:33:42 UTC
Hi Michal
Currently we're doing regression testing for this bug. However, we got a different result at step 7: the running guest is in shutoff status after restarting the libvirtd service. Please help check it, thanks.

pkginfo
libvirt-0.10.2-44.el6.x86_64

steps
1. set security_driver = "none" in /etc/libvirt/qemu.conf

2. restart libvirtd service

3. start a domain which contains <seclabel type='dynamic' relabel='yes'/> in its XML configuration,
   here we didn't configure the model='selinux' in guest's xml

#virsh dumpxml rhel6
--
<seclabel type='dynamic' model='none' relabel='yes'/>
--
4. restart libvirtd

5. check the domain status, the domain was in shutoff status, also the seclabel in guest's xml changed

# virsh list --all
 Id    Name                           State
----------------------------------------------------
 -     rhel6                          shut off

#virsh dumpxml rhel6
  <seclabel type='none' model='none'/>

6. check the log
#cat /var/log/libvirt/libvirtd.log
--
2014-08-27 10:30:09.329+0000: 11747: info : libvirt version: 0.10.2, package: 44.el6 (Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>, 2014-08-19-09:58:31, x86-022.build.eng.bos.redhat.com)
2014-08-27 10:30:09.329+0000: 11747: warning : virSecurityManagerNew:148 : Configured security driver "none" disables default policy to create confined guests
2014-08-27 10:30:09.614+0000: 11747: error : virSecurityLabelDefParseXML:3319 : unsupported configuration: unsupported type='dynamic' to model 'none'
~
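
An added example, not part of the bug report or of libvirt's code: a pre-restart audit that flags the two seclabel patterns reported in this bug and the unconfined-guest condition from the libvirtd.log warning. The function names, finding codes and sample inputs are constructed for illustration; it is not a model of libvirt's parser.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs (not taken from a real host).
QEMU_CONF = '#security_driver = "selinux"\nsecurity_driver = "none"\n'
DOMAINS = {
    "no-model": "<domain type='kvm'><name>a</name>"
                "<seclabel type='dynamic' relabel='yes'/></domain>",
    "dynamic-none": "<domain type='kvm'><name>b</name>"
                    "<seclabel type='dynamic' model='none' relabel='yes'/></domain>",
    "none-none": "<domain type='kvm'><name>c</name>"
                 "<seclabel type='none' model='none'/></domain>",
}

def configured_drivers(conf_text):
    """Return the security_driver values set in qemu.conf text ([] if unset)."""
    for line in conf_text.splitlines():
        # Lines starting with '#' are comments and do not match.
        m = re.match(r'\s*security_driver\s*=\s*(.*)', line)
        if m:
            return re.findall(r'"([^"]*)"', m.group(1))
    return []

def audit_domain(domain_xml, drivers):
    """Return finding codes for the seclabel patterns reported in this bug."""
    findings = []
    driver_none = drivers == ["none"]
    for sl in ET.fromstring(domain_xml).findall("seclabel"):
        typ, model = sl.get("type"), sl.get("model")
        # Description / commit message: dynamic label, model left to qemu.conf.
        if typ == "dynamic" and model is None and driver_none:
            findings.append("dynamic-without-model")
        # Comment 8: the parser rejects type='dynamic' with model='none'.
        if typ == "dynamic" and model == "none":
            findings.append("dynamic-with-model-none")
    # The libvirtd.log warning: driver "none" means guests are not confined.
    if driver_none:
        findings.append("unconfined")
    return findings

if __name__ == "__main__":
    drivers = configured_drivers(QEMU_CONF)
    for name, xml in DOMAINS.items():
        print(name, audit_domain(xml, drivers))
```

Run it against the output of `virsh dumpxml` for each running guest before restarting libvirtd on an affected build; any finding other than an empty list deserves a look before the restart.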

Comment 9 Michal Privoznik 2014-09-04 09:26:41 UTC
(In reply to zhenfeng wang from comment #8)

Yeah, this is a libvirt bug. I've sent patches upstream:

https://www.redhat.com/archives/libvir-list/2014-September/msg00201.html

Comment 10 Jiri Denemark 2014-09-04 11:47:13 UTC
The additional bug is closely connected but it's not exactly the same. And since the original fix is still there and working, it's better to track the additional issue by its own bug. Thus, I'm moving this one back to ON_QA.

Comment 11 Luyao Huang 2014-09-05 02:55:10 UTC
Filed new bug 1138500 to trace the guest being shut off after libvirtd is restarted.
Verify this bug with libvirt-0.10.2-45.el6.x86_64.
Steps are the same as in comment 8, and the guest still exists after restarting libvirtd.

Comment 13 errata-xmlrpc 2014-10-14 04:18:14 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-1374.html

