Red Hat Bugzilla – Bug 1113861
The guest will disappear after restarting the libvirtd service when <seclabel type='static' model='none' relabel='yes'/> is set in the guest's xml.
Last modified: 2015-03-05 02:40:39 EST
+++ This bug was initially created as a clone of Bug #1113860 +++

Description of problem:
The guest will disappear after restarting the libvirtd service when <seclabel type='static' model='none' relabel='yes'/> is set in the guest's xml.

Version-Release number of selected component (if applicable):
kernel-2.6.32-466.el6.x86_64
libvirt-0.10.2-39.el6.x86_64
qemu-kvm-rhev-0.12.1.2-2.426.el6.x86_64

How reproducible:
100%

Steps to Reproduce:

1. Prepare a shutoff guest
# virsh list --all
 Id    Name                           State
----------------------------------------------------
 -     rhel6                          shut off

2. Edit the guest, add the following content to the guest's xml
# virsh edit rhel6
--
<seclabel type='static' model='none' relabel='yes'/>
--
# virsh dumpxml rhel6
<seclabel type='static' relabel='yes'/>

3. Check the guest status
# virsh list --all
 Id    Name                           State
----------------------------------------------------
 -     rhel6                          shut off

4. Restart the libvirtd service
# service libvirtd restart

5. Re-check the guest status, the guest has disappeared
# virsh list --all
 Id    Name                           State
----------------------------------------------------

#

6. Check the libvirtd's log
# cat /var/log/libvirt/libvirtd.log
2014-06-27 05:27:46.343+0000: 11623: info : libvirt version: 0.10.2, package: 39.el6 (Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>, 2014-06-23-13:41:14, x86-022.build.eng.bos.redhat.com)
2014-06-27 05:27:46.343+0000: 11623: error : virSecurityLabelDefParseXML:3323 : XML error: security label is missing

7. The issue always happens no matter whether I set security_driver='selinux' or security_driver='none' in qemu.conf

Actual result:
The guest will disappear after restarting the libvirtd service when <seclabel type='static' model='none' relabel='yes'/> is set in the guest's xml.

Expected result:
The guest shouldn't disappear after restarting the libvirtd service
commit 99c8d2e8087135a57a54f205aabad8e911e53519
Author:     Michal Privoznik <mprivozn@redhat.com>
AuthorDate: Wed Jul 9 14:36:04 2014 +0200
Commit:     Michal Privoznik <mprivozn@redhat.com>
CommitDate: Mon Jul 14 11:10:09 2014 +0200

    conf: Always format seclabel's model

    https://bugzilla.redhat.com/show_bug.cgi?id=1113860

    We've always done that. Well, until 990e46c45. Point is, if we don't
    format model, we may lose a domain on libvirtd restart. If the
    seclabel is implicit however, we should skip its formatting.

    Signed-off-by: Michal Privoznik <mprivozn@redhat.com>

v1.2.6-131-g99c8d2e
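A pre-restart check for the failure described in this bug, added here as an example (not code from the bug report or from libvirt): it flags domain XML whose domain-level seclabel has type='static' but no model attribute and no <label> child, the form `virsh dumpxml` showed before the guest was lost. The function names, the embedded samples and the /etc/libvirt/qemu default path are assumptions of the example.

```python
import xml.etree.ElementTree as ET
from pathlib import Path

# Constructed samples: the persisted form from the report, and the form
# shown by dumpxml on the fixed build.
BROKEN = "<domain type='kvm'><name>rhel6</name><seclabel type='static' relabel='yes'/></domain>"
FIXED = "<domain type='kvm'><name>rhel6</name><seclabel type='none' model='none'/></domain>"


def check_domain(xml_text):
    """Return (domain name, list of findings) for one domain XML document."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return ("<unparsable>", [f"not well-formed XML: {exc}"])
    name = root.findtext("name", default="<unnamed>")
    findings = []
    # Domain-level <seclabel> only; per-device overrides sit deeper in the tree.
    for sec in root.findall("seclabel"):
        has_label = bool((sec.findtext("label") or "").strip())
        if sec.get("type") == "static" and sec.get("model") is None and not has_label:
            findings.append("static seclabel without model or <label>; "
                            "this form failed to load in the report")
    return (name, findings)


def audit_dir(config_dir="/etc/libvirt/qemu"):
    """Check every *.xml in config_dir (assumed location of persistent
    QEMU domain definitions); return {file name: findings} for hits."""
    hits = {}
    for path in sorted(Path(config_dir).glob("*.xml")):
        _, findings = check_domain(path.read_text(encoding="utf-8", errors="replace"))
        if findings:
            hits[path.name] = findings
    return hits


if __name__ == "__main__":
    for label, doc in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, check_domain(doc))
```

Running `audit_dir()` before `service libvirtd restart` lists the definitions that would hit the "security label is missing" parse error on an unfixed build.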
I could reproduce it with libvirt-1.1.1-29.el7.x86_64 with the following steps:

1. Prepare a shutoff guest
# virsh list --all
 Id    Name                           State
----------------------------------------------------
 -     rhel6                          shut off

2. Edit the guest, add the following content to the guest's xml
# virsh edit rhel6
--
<seclabel type='static' model='none' relabel='yes'/>
--
# virsh dumpxml rhel6
<seclabel type='static' relabel='yes'/>

3. Check the guest status
# virsh list --all
 Id    Name                           State
----------------------------------------------------
 -     rhel6                          shut off

4. Restart the libvirtd service
# service libvirtd restart

5. Re-check the guest status, the guest has disappeared
# virsh list --all
 Id    Name                           State
----------------------------------------------------

#

6. Check the libvirtd's log
# cat /var/log/libvirt/libvirtd.log
2014-08-21 08:19:23.207+0000: 7395: error : virSecurityLabelDefParseXML:4559 : XML error: security label is missing
Verified this with libvirt-1.2.7-1.el7.x86_64:

1. Prepare a shutoff guest
# virsh list --all
 Id    Name                           State
----------------------------------------------------
 -     rhel6                          shut off

2. Edit the guest, add the following content to the guest's xml
# virsh edit rhel6
--
<seclabel type='static' model='none' relabel='yes'/>
--
# virsh dumpxml rhel6
<seclabel type='none' model='none'/>

3. Check the guest status
# virsh list --all
 Id    Name                           State
----------------------------------------------------
 -     rhel6                          shut off

4. Restart the libvirtd service
# service libvirtd restart

5. Re-check the guest status, the guest still exists here.
# virsh list --all
 Id    Name                           State
----------------------------------------------------
 -     rhel6                          shut off

#

6. Check the libvirtd's log
# cat /var/log/libvirt/libvirtd.log
No error about virSecurityLabelDefParseXML is found.
Verify the bug with libvirt-1.2.8-8.el7.x86_64

Steps:

Scenario 1

1. Prepare a shutoff guest
# virsh list --all
 Id    Name                           State
----------------------------------------------------
 -     rhel7.0                        shut off

2. Edit the guest, add the following content to the guest's xml
# virsh edit rhel7.0
--
<seclabel type='static' model='none' relabel='yes'/>
--
# virsh dumpxml rhel7.0
<seclabel type='none' model='none'/>

3. Check the guest status
# virsh list --all
 Id    Name                           State
----------------------------------------------------
 -     rhel7.0                        shut off

4. Restart the libvirtd service
# service libvirtd restart

5. Re-check the guest status, the guest still exists here.
# virsh list --all
 Id    Name                           State
----------------------------------------------------
 -     rhel7.0                        shut off

#

6. Check the libvirtd's log
# cat /var/log/libvirt/libvirtd.log
No error about virSecurityLabelDefParseXML is found.

7. Start the guest, the guest will fail to start with the expected error
# virsh start rhel7.0
error: Failed to start domain rhel7.0
error: unsupported configuration: Unable to find security driver for label none

Scenario 2

1. Edit the guest's xml and add the following content to the guest's xml
<seclabel type='dynamic' model='none' relabel='yes'/>

2. Check the generated guest's xml
# virsh dumpxml rhel7.0
--
<seclabel type='none' model='none'/>

3. Restart the libvirtd service, the guest was still existing
# service libvirtd restart
# virsh list --all
 Id    Name                           State
----------------------------------------------------
 -     rhel7.0                        shut off

4. Start the guest, will get the expected error
# virsh start rhel7.0
error: Failed to start domain rhel7.0
error: unsupported configuration: Unable to find security driver for label none

Scenario 3

1. Edit the guest's xml and add the following content to the guest's xml
<seclabel type='static' model='none' relabel='no'/>

2. Check the generated guest's xml
# virsh dumpxml rhel7.0
--
<seclabel type='none' model='none'/>

3. Restart the libvirtd service, the guest was still existing
# service libvirtd restart
# virsh list --all
 Id    Name                           State
----------------------------------------------------
 -     rhel7.0                        shut off

4. Start the guest, will get the expected error
# virsh start rhel7.0
error: Failed to start domain rhel7.0
error: unsupported configuration: Unable to find security driver for label none
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2015-0323.html