1113860 – The guest will disappear after restart the libvirtd service while set seclabel type='static' model='none' relabel='yes'/> in guest's xml.

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1113860 - The guest will disappear after restart the libvirtd service while set seclabel type='static' model='none' relabel='yes'/> in guest's xml.

Summary: The guest will disappear after restart the libvirtd service while set seclabe...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	libvirt
Sub Component:
Version:	6.6
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	Michal Privoznik
QA Contact:	Virtualization Bugs
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1113861
TreeView+	depends on / blocked

Reported:	2014-06-27 05:37 UTC by zhenfeng wang
Modified:	2014-10-14 04:22 UTC (History)
CC List:	8 users (show)
Fixed In Version:	libvirt-0.10.2-42.el6
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Clones:	1113861 (view as bug list)
Environment:
Last Closed:	2014-10-14 04:22:47 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2014:1374	0	normal	SHIPPED_LIVE	libvirt bug fix and enhancement update	2014-10-14 08:11:54 UTC

Description zhenfeng wang 2014-06-27 05:37:15 UTC

Description of problem:
The guest will disappear after restart the libvirtd service while set seclabel type='static' model='none'  relabel='yes'/> in guest's xml.

Version-Release number of selected component (if applicable):
kernel-2.6.32-466.el6.x86_64
libvirt-0.10.2-39.el6.x86_64
qemu-kvm-rhev-0.12.1.2-2.426.el6.x86_64

How reproducible:
100%

Steps to Reproduce:
1.Prepare a shutoff guest
# virsh list --all
 Id    Name                           State
----------------------------------------------------
 -     rhel6                          shut off

2.Edit the guest, add the following content to the guest's xml
#virsh edit rhel6
--
<seclabel type='static' model='none'  relabel='yes'/>
--

#virsh dumpxml rhel6
  <seclabel type='static' relabel='yes'/>

3.Check the guest status
# virsh list --all
 Id    Name                           State
----------------------------------------------------
 -     rhel6                          shut off

4.Restart the libvirtd service
#service libvirtd restart

5.Re-check the guest status, the guest has disappeared

# virsh list --all
 Id    Name                           State
----------------------------------------------------

# 
6.Check the libvirtd's log
#cat /var/log/libvirt/libvirtd.log
2014-06-27 05:27:46.343+0000: 11623: info : libvirt version: 0.10.2, package: 39.el6 (Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>, 2014-06-23-13:41:14, x86-022.build.eng.bos.redhat.com)
2014-06-27 05:27:46.343+0000: 11623: error : virSecurityLabelDefParseXML:3323 : XML error: security label is missing


7.The issue always happens no matter i set the security_driver='selinux' or security_driver='none' in qemu.conf

Actual result:
The guest will disappear after restart the libvirtd service while set seclabel type='static' model='none'  relabel='yes'/> in guest's xml.

Expect result:
The guest shouldn't disappear after restart the libvirtd service

Comment 2 Michal Privoznik 2014-07-09 12:59:06 UTC

Patch proposed upstream:

https://www.redhat.com/archives/libvir-list/2014-July/msg00488.html

Comment 3 Michal Privoznik 2014-07-10 14:05:48 UTC

Another attempt:

https://www.redhat.com/archives/libvir-list/2014-July/msg00526.html

Comment 4 Michal Privoznik 2014-07-14 09:15:41 UTC

I've just pushed patch upstream:

commit 99c8d2e8087135a57a54f205aabad8e911e53519
Author:     Michal Privoznik <mprivozn>
AuthorDate: Wed Jul 9 14:36:04 2014 +0200
Commit:     Michal Privoznik <mprivozn>
CommitDate: Mon Jul 14 11:10:09 2014 +0200

    conf: Always format seclabel's model
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1113860
    
    We've always done that. Well, until 990e46c45. Point is, if we don't
    format model, we may lose a domain on libvirtd restart. If the
    seclabel is implicit however, we should skip it's formatting.
    
    Signed-off-by: Michal Privoznik <mprivozn>

v1.2.6-131-g99c8d2e

Comment 5 Michal Privoznik 2014-07-14 09:59:22 UTC

Moving to POST:

http://post-office.corp.redhat.com/archives/rhvirt-patches/2014-July/msg00681.html

Comment 6 Jiri Denemark 2014-07-16 14:58:52 UTC

The backport was nacked as incomplete.

Comment 7 Michal Privoznik 2014-07-18 12:18:05 UTC

Moving to POST:

http://post-office.corp.redhat.com/archives/rhvirt-patches/2014-July/msg00818.html

Comment 9 zhenfeng wang 2014-08-04 09:21:03 UTC

I can reproduce this bug with libvirt-0.10.2-41.el6.x86_64, the following was my verify steps with libvirt-0.10.2-42.el6.x86_64

scenario 1

1.Prepare a shutoff guest
# virsh list --all
 Id    Name                           State
----------------------------------------------------
 -     rhel6                          shut off

2.Edit the guest, add the following content to the guest's xml, after save the guest's xml we could see the following content in the guest's xml
#virsh edit rhel6
--
<seclabel type='static' model='none'  relabel='yes'/>
--

#virsh dumpxml rhel6
  <seclabel type='none' model='none'/>

3.Restart the libvirtd service
#service libvirtd restart

4.Check the guest status, the guest was still exsiting
# virsh list --all
 Id    Name                           State
----------------------------------------------------
 -     rhel6                          shut off

5.Start the guest, get the expect error
# virsh start rhel6
error: Failed to start domain rhel6
error: unsupported configuration: Unable to find security driver for label none

scenario 2

1.Edit the guest's xml, after save the guest's xml we could see the following content in the guest's xml
#virsh edit rhel6
--
<seclabel type='static' model='none'  relabel='no'/>

#virsh dumpxml rhel6
  <seclabel type='none' model='none'/>

2.Restart the libvirtd service
#service libvirtd restart

3.Check the guest status, the guest was still exsiting
# virsh list --all
 Id    Name                           State
----------------------------------------------------
 -     rhel6                          shut off
4.Start the guest, get the expect error
# virsh start rhel6
error: Failed to start domain rhel6
error: unsupported configuration: Unable to find security driver for label none

scenario 3
Set security_driver = none in qemu.conf
Edit the /etc/libvirt/qemu.conf
security_driver = none
#service libvirtd restart

Retest secnario 1~2, get the same result as the following
1.After edit the guest's xml, we could see the following content in the guest's xml
#virsh dumpxml rhel6
--
 <seclabel type='none' model='none'/>

2.Start the guest, the guest could start successfully
# virsh start rhel6
Domain rhel6 started

3.Do some operations with the guest, could get the expect result
# virsh save rhel6 /tmp/rhel6.save

Domain rhel6 saved to /tmp/rhel6.save

# virsh restore /tmp/rhel6.save 
Domain restored from /tmp/rhel6.save

According to the scenario 1~3, mark this bug verified

Comment 11 errata-xmlrpc 2014-10-14 04:22:47 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-1374.html

Note You need to log in before you can comment on or make changes to this bug.