1113861 – The guest will disappear after restart the libvirtd service while set seclabel type='static' model='none' relabel='yes'/> in guest's xml.

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1113861 - The guest will disappear after restart the libvirtd service while set seclabel type='static' model='none' relabel='yes'/> in guest's xml.

Summary: The guest will disappear after restart the libvirtd service while set seclabe...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	libvirt
Sub Component:
Version:	7.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	Michal Privoznik
QA Contact:	Virtualization Bugs
Docs Contact:
URL:
Whiteboard:
Depends On:	1113860
Blocks:
TreeView+	depends on / blocked

Reported:	2014-06-27 05:38 UTC by zhenfeng wang
Modified:	2015-03-05 07:40 UTC (History)
CC List:	5 users (show)
Fixed In Version:	libvirt-1.2.7-1.el7
Doc Type:	Bug Fix
Doc Text:
Clone Of:	1113860
Environment:
Last Closed:	2015-03-05 07:40:39 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2015:0323	0	normal	SHIPPED_LIVE	Low: libvirt security, bug fix, and enhancement update	2015-03-05 12:10:54 UTC

Description zhenfeng wang 2014-06-27 05:38:13 UTC

+++ This bug was initially created as a clone of Bug #1113860 +++

Description of problem:
The guest will disappear after restart the libvirtd service while set seclabel type='static' model='none'  relabel='yes'/> in guest's xml.

Version-Release number of selected component (if applicable):
kernel-2.6.32-466.el6.x86_64
libvirt-0.10.2-39.el6.x86_64
qemu-kvm-rhev-0.12.1.2-2.426.el6.x86_64

How reproducible:
100%

Steps to Reproduce:
1.Prepare a shutoff guest
# virsh list --all
 Id    Name                           State
----------------------------------------------------
 -     rhel6                          shut off

2.Edit the guest, add the following content to the guest's xml
#virsh edit rhel6
--
<seclabel type='static' model='none'  relabel='yes'/>
--

#virsh dumpxml rhel6
  <seclabel type='static' relabel='yes'/>

3.Check the guest status
# virsh list --all
 Id    Name                           State
----------------------------------------------------
 -     rhel6                          shut off

4.Restart the libvirtd service
#service libvirtd restart

5.Re-check the guest status, the guest has disappeared

# virsh list --all
 Id    Name                           State
----------------------------------------------------

# 
6.Check the libvirtd's log
#cat /var/log/libvirt/libvirtd.log
2014-06-27 05:27:46.343+0000: 11623: info : libvirt version: 0.10.2, package: 39.el6 (Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>, 2014-06-23-13:41:14, x86-022.build.eng.bos.redhat.com)
2014-06-27 05:27:46.343+0000: 11623: error : virSecurityLabelDefParseXML:3323 : XML error: security label is missing


7.The issue always happens no matter i set the security_driver='selinux' or security_driver='none' in qemu.conf

Actual result:
The guest will disappear after restart the libvirtd service while set seclabel type='static' model='none'  relabel='yes'/> in guest's xml.

Expect result:
The guest shouldn't disappear after restart the libvirtd service

Comment 2 Ján Tomko 2014-08-07 10:54:20 UTC

commit 99c8d2e8087135a57a54f205aabad8e911e53519
Author:     Michal Privoznik <mprivozn>
AuthorDate: Wed Jul 9 14:36:04 2014 +0200
Commit:     Michal Privoznik <mprivozn>
CommitDate: Mon Jul 14 11:10:09 2014 +0200

    conf: Always format seclabel's model
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1113860
    
    We've always done that. Well, until 990e46c45. Point is, if we don't
    format model, we may lose a domain on libvirtd restart. If the
    seclabel is implicit however, we should skip it's formatting.
    
    Signed-off-by: Michal Privoznik <mprivozn>

v1.2.6-131-g99c8d2e

Comment 4 zhengqin 2014-08-21 08:32:08 UTC

I could reproduce it with libvirt-1.1.1-29.el7.x86_64 as following steps:

1.Prepare a shutoff guest
# virsh list --all
 Id    Name                           State
----------------------------------------------------
 -     rhel6                          shut off

2.Edit the guest, add the following content to the guest's xml
#virsh edit rhel6
--
<seclabel type='static' model='none'  relabel='yes'/>
--

#virsh dumpxml rhel6
  <seclabel type='static' relabel='yes'/>

3.Check the guest status
# virsh list --all
 Id    Name                           State
----------------------------------------------------
 -     rhel6                          shut off

4.Restart the libvirtd service
#service libvirtd restart

5.Re-check the guest status, the guest has disappeared

# virsh list --all
 Id    Name                           State
----------------------------------------------------

# 
6.Check the libvirtd's log
#cat /var/log/libvirt/libvirtd.log

2014-08-21 08:19:23.207+0000: 7395: error : virSecurityLabelDefParseXML:4559 : XML error: security label is missing

Comment 5 zhengqin 2014-08-21 10:28:08 UTC

Verified this with libvirt-1.2.7-1.el7.x86_64:


1.Prepare a shutoff guest
# virsh list --all
 Id    Name                           State
----------------------------------------------------
 -     rhel6                          shut off

2.Edit the guest, add the following content to the guest's xml
#virsh edit rhel6
--
<seclabel type='static' model='none'  relabel='yes'/>
--

#virsh dumpxml rhel6
  <seclabel type='none' model='none'/>

3.Check the guest status
# virsh list --all
 Id    Name                           State
----------------------------------------------------
 -     rhel6                          shut off

4.Restart the libvirtd service
#service libvirtd restart

5.Re-check the guest status, the guest is still existed here.

# virsh list --all
 Id    Name                           State
----------------------------------------------------
 -     rhel6                          shut off

# 
6.Check the libvirtd's log
#cat /var/log/libvirt/libvirtd.log

Not find the error about virSecurityLabelDefParseXML.

Comment 6 zhenfeng wang 2014-11-25 11:53:23 UTC

Verify the bug with libvirt-1.2.8-8.el7.x86_64

steps
scenario 1
1.Prepare a shutoff guest
# virsh list --all
 Id    Name                           State
----------------------------------------------------
 -     rhel7.0                          shut off

2.Edit the guest, add the following content to the guest's xml
#virsh edit rhel7.0
--
<seclabel type='static' model='none'  relabel='yes'/>
--

#virsh dumpxml rhel7.0
  <seclabel type='none' model='none'/>

3.Check the guest status
# virsh list --all
 Id    Name                           State
----------------------------------------------------
 -     rhel7.0                          shut off

4.Restart the libvirtd service
#service libvirtd restart

5.Re-check the guest status, the guest is still existed here.

# virsh list --all
 Id    Name                           State
----------------------------------------------------
 -     rhel7.0                          shut off

# 
6.Check the libvirtd's log
#cat /var/log/libvirt/libvirtd.log

Not find the error about virSecurityLabelDefParseXML.

7.start the guest, the guest will fail to start with the expect error
# virsh start rhel7.0
error: Failed to start domain rhel7.0
error: unsupported configuration: Unable to find security driver for label none

scenario 2
1.Edit the guest's xml and add the following content to the guest'xml
<seclabel type='dynamic' model='none'  relabel='yes'/>

2.check the generated guest's xml
#virsh dumpxml rhel7.0
--
 <seclabel type='none' model='none'/>

3.Restart the libvirtd service, the guest was still exsiting
#service libvirtd restart

# virsh list --all
 Id    Name                           State
----------------------------------------------------
 -     rhel7.0                          shut off

4.Start the guest, will get the expect error
# virsh start rhel7.0
error: Failed to start domain rhel7.0
error: unsupported configuration: Unable to find security driver for label none

scenario 3
1.Edit the guest's xml and add the following content to the guest'xml
<seclabel type='static' model='none'  relabel='no'/>

2.check the generated guest's xml
#virsh dumpxml rhel7.0
--
 <seclabel type='none' model='none'/>

3.Restart the libvirtd service, the guest was still exsiting
#service libvirtd restart

# virsh list --all
 Id    Name                           State
----------------------------------------------------
 -     rhel7.0                          shut off

4.Start the guest, will get the expect error
# virsh start rhel7.0
error: Failed to start domain rhel7.0
error: unsupported configuration: Unable to find security driver for label none

Comment 8 errata-xmlrpc 2015-03-05 07:40:39 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-0323.html

Note You need to log in before you can comment on or make changes to this bug.