Description of problem:
The guest will disappear after restarting the libvirtd service when <seclabel type='static' model='none' relabel='yes'/> is set in the guest's xml.

Version-Release number of selected component (if applicable):
kernel-2.6.32-466.el6.x86_64
libvirt-0.10.2-39.el6.x86_64
qemu-kvm-rhev-0.12.1.2-2.426.el6.x86_64

How reproducible:
100%

Steps to Reproduce:
1. Prepare a shutoff guest
# virsh list --all
 Id    Name                           State
----------------------------------------------------
 -     rhel6                          shut off

2. Edit the guest, add the following content to the guest's xml
# virsh edit rhel6
--
<seclabel type='static' model='none' relabel='yes'/>
--
# virsh dumpxml rhel6
<seclabel type='static' relabel='yes'/>

3. Check the guest status
# virsh list --all
 Id    Name                           State
----------------------------------------------------
 -     rhel6                          shut off

4. Restart the libvirtd service
# service libvirtd restart

5. Re-check the guest status, the guest has disappeared
# virsh list --all
 Id    Name                           State
----------------------------------------------------

#

6. Check the libvirtd's log
# cat /var/log/libvirt/libvirtd.log
2014-06-27 05:27:46.343+0000: 11623: info : libvirt version: 0.10.2, package: 39.el6 (Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>, 2014-06-23-13:41:14, x86-022.build.eng.bos.redhat.com)
2014-06-27 05:27:46.343+0000: 11623: error : virSecurityLabelDefParseXML:3323 : XML error: security label is missing

7. The issue always happens no matter whether I set security_driver='selinux' or security_driver='none' in qemu.conf

Actual result:
The guest will disappear after restarting the libvirtd service when <seclabel type='static' model='none' relabel='yes'/> is set in the guest's xml.

Expected result:
The guest shouldn't disappear after restarting the libvirtd service.
Patch proposed upstream: https://www.redhat.com/archives/libvir-list/2014-July/msg00488.html
Another attempt: https://www.redhat.com/archives/libvir-list/2014-July/msg00526.html
I've just pushed the patch upstream:

commit 99c8d2e8087135a57a54f205aabad8e911e53519
Author:     Michal Privoznik <mprivozn@redhat.com>
AuthorDate: Wed Jul 9 14:36:04 2014 +0200
Commit:     Michal Privoznik <mprivozn@redhat.com>
CommitDate: Mon Jul 14 11:10:09 2014 +0200

    conf: Always format seclabel's model

    https://bugzilla.redhat.com/show_bug.cgi?id=1113860

    We've always done that. Well, until 990e46c45. Point is, if we
    don't format model, we may lose a domain on libvirtd restart. If
    the seclabel is implicit however, we should skip its formatting.

    Signed-off-by: Michal Privoznik <mprivozn@redhat.com>

v1.2.6-131-g99c8d2e
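Added example (not part of the bug report or of libvirt): a Python check that flags stored domain XML carrying the seclabel shape shown in the report, i.e. type='static' with the model dropped and no <label> child, which is what preceded the "security label is missing" error. The detection rule is an assumption inferred from the XML and log line on this page, the sample documents are constructed, and /etc/libvirt/qemu is assumed to be where persistent domain definitions live.

```python
import glob
import xml.etree.ElementTree as ET


def seclabel_problems(domain_xml):
    """Return one message per <seclabel> that matches the failing shape."""
    root = ET.fromstring(domain_xml)
    name = root.findtext("name") or "<unnamed>"
    problems = []
    for sl in root.findall("seclabel"):
        has_label = bool((sl.findtext("label") or "").strip())
        # Assumed rule: a static seclabel needs a <label>, unless
        # model='none' is still present to mark it as "no labelling".
        if sl.get("type") == "static" and sl.get("model") != "none" and not has_label:
            problems.append(
                "%s: static seclabel (model=%r) has no <label>"
                % (name, sl.get("model"))
            )
    return problems


def audit_directory(pattern="/etc/libvirt/qemu/*.xml"):
    """Run the check over every stored domain definition matching pattern."""
    findings = []
    for path in sorted(glob.glob(pattern)):
        with open(path, encoding="utf-8") as fh:
            findings += ["%s: %s" % (path, p) for p in seclabel_problems(fh.read())]
    return findings


# Constructed samples. BROKEN mirrors the dumpxml output before the fix,
# FIXED mirrors the output seen during verification.
BROKEN = "<domain type='kvm'><name>rhel6</name><seclabel type='static' relabel='yes'/></domain>"
FIXED = "<domain type='kvm'><name>rhel6</name><seclabel type='none' model='none'/></domain>"
LABELLED = (
    "<domain type='kvm'><name>rhel6</name>"
    "<seclabel type='static' model='selinux' relabel='yes'>"
    "<label>system_u:system_r:svirt_t:s0:c1,c2</label></seclabel></domain>"
)

if __name__ == "__main__":
    for sample in (BROKEN, FIXED, LABELLED):
        print(seclabel_problems(sample))
    for finding in audit_directory():
        print(finding)
```
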
Moving to POST: http://post-office.corp.redhat.com/archives/rhvirt-patches/2014-July/msg00681.html
The backport was nacked as incomplete.
Moving to POST: http://post-office.corp.redhat.com/archives/rhvirt-patches/2014-July/msg00818.html
I can reproduce this bug with libvirt-0.10.2-41.el6.x86_64. The following were my verification steps with libvirt-0.10.2-42.el6.x86_64.

scenario 1
1. Prepare a shutoff guest
# virsh list --all
 Id    Name                           State
----------------------------------------------------
 -     rhel6                          shut off

2. Edit the guest, add the following content to the guest's xml; after saving the guest's xml we could see the following content in the guest's xml
# virsh edit rhel6
--
<seclabel type='static' model='none' relabel='yes'/>
--
# virsh dumpxml rhel6
<seclabel type='none' model='none'/>

3. Restart the libvirtd service
# service libvirtd restart

4. Check the guest status, the guest still exists
# virsh list --all
 Id    Name                           State
----------------------------------------------------
 -     rhel6                          shut off

5. Start the guest, get the expected error
# virsh start rhel6
error: Failed to start domain rhel6
error: unsupported configuration: Unable to find security driver for label none

scenario 2
1. Edit the guest's xml; after saving the guest's xml we could see the following content in the guest's xml
# virsh edit rhel6
--
<seclabel type='static' model='none' relabel='no'/>
# virsh dumpxml rhel6
<seclabel type='none' model='none'/>

2. Restart the libvirtd service
# service libvirtd restart

3. Check the guest status, the guest still exists
# virsh list --all
 Id    Name                           State
----------------------------------------------------
 -     rhel6                          shut off

4. Start the guest, get the expected error
# virsh start rhel6
error: Failed to start domain rhel6
error: unsupported configuration: Unable to find security driver for label none

scenario 3
Set security_driver = none in qemu.conf
Edit the /etc/libvirt/qemu.conf
security_driver = none
# service libvirtd restart

Retest scenarios 1~2, get the same result as the following
1. After editing the guest's xml, we could see the following content in the guest's xml
# virsh dumpxml rhel6
--
<seclabel type='none' model='none'/>

2. Start the guest, the guest could start successfully
# virsh start rhel6
Domain rhel6 started

3. Do some operations with the guest, could get the expected result
# virsh save rhel6 /tmp/rhel6.save
Domain rhel6 saved to /tmp/rhel6.save
# virsh restore /tmp/rhel6.save
Domain restored from /tmp/rhel6.save

According to scenarios 1~3, mark this bug verified.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2014-1374.html