Bug 1122367 - guest with agent can't start in user mode
Summary: guest with agent can't start in user mode
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: libvirt
Version: 6.6
Hardware: x86_64
OS: Linux
medium
medium
Target Milestone: rc
: 6.6
Assignee: Ján Tomko
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2014-07-23 05:33 UTC by Luyao Huang
Modified: 2015-07-22 05:46 UTC (History)

Fixed In Version: libvirt-0.10.2-48.el6
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-07-22 05:46:13 UTC


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2015:1252 normal SHIPPED_LIVE libvirt bug fix update 2015-07-20 17:50:06 UTC

Description Luyao Huang 2014-07-23 05:33:39 UTC
Description of problem:
Guest with agent can't start when starting it a second time in non-root mode

Version-Release number of selected component (if applicable):
kernel-2.6.32-489.el6.x86_64
libvirt-0.10.2-41.el6.x86_64

How reproducible:
100%

Steps to Reproduce:
1. Log in in non-root mode and make sure:
$ virsh uri
qemu:///session


2. Prepare a guest with agent:
$ virsh dumpxml sdfs
......
<channel type='unix'>
      <source mode='bind' path='/home/test2/.libvirt/qemu/sdfs.agent'/>
      <target type='virtio' name='org.qemu.guest_agent.0'/>
      <address type='virtio-serial' controller='0' bus='0' port='1'/>
    </channel>
.......
3. $ ll /home/test2/.libvirt/qemu/sdfs.agent
ls: cannot access /home/test2/.libvirt/qemu/sdfs.agent: No such file or directory

4. $ virsh start sdfs
Domain sdfs started

5. $ virsh destroy sdfs
Domain sdfs destroyed

6. $ virsh start sdfs
error: Failed to start domain sdfs
error: internal error Process exited while reading console log output: char device redirected to /dev/pts/3
2014-07-18T08:27:13.348428Z qemu-kvm: -chardev socket,id=charchannel0,path=/home/test2/.libvirt/qemu/sdfs.agent,server,nowait: socket bind failed: Address already in use
2014-07-18T08:27:13.348621Z qemu-kvm: -chardev socket,id=charchannel0,path=/home/test2/.libvirt/qemu/sdfs.agent,server,nowait: chardev: opening backend "socket" failed


Actual results:
Guest with agent can't start when starting it a second time

Expected results:
Starts normally with no error reported

Additional info:
Wang Zhenfeng said:

The failure was caused by an AVC denial; you can see the following AVC info when starting the guest
$ virsh start normal
error: Failed to start domain normal
error: internal error Process exited while reading console log output: char device redirected to /dev/pts/8
2014-07-23T03:31:20.534628Z qemu-kvm: -chardev socket,id=charchannel1,path=/home/test20/.libvirt/qemu/normal.agent,server,nowait: socket bind failed: Address already in use
2014-07-23T03:31:20.534777Z qemu-kvm: -chardev socket,id=charchannel1,path=/home/test20/.libvirt/qemu/normal.agent,server,nowait: chardev: opening backend "socket" failed

# ausearch -m avc -ts recent
----
time->Tue Jul 22 23:31:20 2014
type=SYSCALL msg=audit(1406086280.533:1576): arch=c000003e syscall=87 success=no exit=-13 a0=7fff217eda62 a1=7fb47c852b3d a2=7fff217eda89 a3=616d726f6e2f756d items=0 ppid=1 pid=21931 auid=502 uid=502 gid=502 euid=502 suid=502 fsuid=502 egid=502 sgid=502 fsgid=502 tty=(none) ses=132 comm="qemu-kvm" exe="/usr/libexec/qemu-kvm" subj=unconfined_u:unconfined_r:svirt_t:s0:c284,c731 key=(null)
type=AVC msg=audit(1406086280.533:1576): avc:  denied  { remove_name } for  pid=21931 comm="qemu-kvm" name="normal.agent" dev=sda5 ino=918527 scontext=unconfined_u:unconfined_r:svirt_t:s0:c284,c731 tcontext=unconfined_u:object_r:virt_home_t:s0 tclass=dir

Remove the $guest.agent file manually, then re-start the guest
$ rm -rf /home/test20/.libvirt/qemu/normal.agent
$ virsh start normal
Domain normal started

$ virsh list --all
 Id    Name                           State
----------------------------------------------------
 16    normal                         running
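
The audit records quoted above can be read mechanically. The following is an added example, not part of the original report: it pairs the SYSCALL and AVC records by their shared event serial and decodes them, showing that qemu-kvm's unlink of the stale socket was denied, which is why the later bind reports "Address already in use". The sample lines are copied from the report with the SYSCALL record trimmed; the function name and the syscall table are assumptions of this example.

```python
import errno
import re

# Sample input: the two audit records from the report (SYSCALL fields trimmed).
SAMPLE = '''\
type=SYSCALL msg=audit(1406086280.533:1576): arch=c000003e syscall=87 success=no exit=-13 pid=21931 uid=502 comm="qemu-kvm" exe="/usr/libexec/qemu-kvm" subj=unconfined_u:unconfined_r:svirt_t:s0:c284,c731
type=AVC msg=audit(1406086280.533:1576): avc:  denied  { remove_name } for  pid=21931 comm="qemu-kvm" name="normal.agent" dev=sda5 ino=918527 scontext=unconfined_u:unconfined_r:svirt_t:s0:c284,c731 tcontext=unconfined_u:object_r:virt_home_t:s0 tclass=dir
'''

# Only the x86_64 syscalls relevant here (arch=c000003e is AUDIT_ARCH_X86_64).
X86_64_SYSCALLS = {49: "bind", 87: "unlink"}

HEADER = re.compile(r'type=(\w+) msg=audit\((\d+\.\d+):(\d+)\):')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
AVC = re.compile(r'avc:\s+denied\s+\{ ([^}]+) \}')


def correlate(text):
    """Group records by audit event serial and merge SYSCALL with AVC details."""
    events = {}
    for line in text.splitlines():
        m = HEADER.match(line)
        if not m:
            continue
        rtype, _, serial = m.groups()
        ev = events.setdefault(serial, {})
        fields = {k: v.strip('"') for k, v in FIELD.findall(line[m.end():])}
        if rtype == "SYSCALL":
            num = int(fields["syscall"])
            ev["syscall"] = X86_64_SYSCALLS.get(num, fields["syscall"])
            # A failed syscall is logged as exit=-<errno>.
            ev["errno"] = errno.errorcode.get(-int(fields["exit"]), fields["exit"])
            ev["comm"] = fields["comm"]
        elif rtype == "AVC":
            d = AVC.search(line)
            ev["denied"] = d.group(1).split() if d else []
            ev["name"] = fields.get("name")
            ev["tclass"] = fields.get("tclass")
            # An SELinux context is user:role:type:level; the type is the third part.
            ev["source_type"] = fields["scontext"].split(":")[2]
            ev["target_type"] = fields["tcontext"].split(":")[2]
    return events
```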

Comment 3 Ján Tomko 2015-01-20 16:10:54 UTC
This has been fixed upstream by:
commit 205010c40eb90c1088ddc250d4bcf3d2669b549c
Author:     Ján Tomko <jtomko@redhat.com>
AuthorDate: 2014-05-13 08:54:20 +0200
Commit:     Ján Tomko <jtomko@redhat.com>
CommitDate: 2014-05-26 15:17:54 +0200

    Clean up chardev sockets on QEMU shutdown
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1088787
    
    Clean up unix socket files for chardevs using mode='bind',
    like we clean up the monitor socket.
    They are created by QEMU on startup and not really useful
    after shutting it down.

git describe: v1.2.5-rc1-1-g205010c contains: v1.2.5-rc2~17
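
The behaviour the commit message describes can be modelled outside libvirt. The following is an added example, not libvirt's code: it shows that closing a bound unix socket leaves its filesystem entry behind, so a listener that cannot remove the stale file itself fails the next bind with EADDRINUSE, and that removing the file at shutdown avoids this. The function names and the socket file name are hypothetical.

```python
import errno
import os
import socket
import tempfile


def bind_listener(path):
    """Bind a listening unix socket at path, as a chardev with mode='bind' needs."""
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        s.bind(path)
        s.listen(1)
    except OSError:
        s.close()
        raise
    return s


def run_guest_cycle(path, cleanup_on_shutdown):
    """Model start, stop, start again; return True if the restart can bind."""
    first = bind_listener(path)
    first.close()  # closing the socket does not remove the filesystem entry
    if cleanup_on_shutdown and os.path.exists(path):
        os.unlink(path)  # the manager removes the socket file at shutdown
    try:
        second = bind_listener(path)
    except OSError as e:
        if e.errno != errno.EADDRINUSE:
            raise
        return False  # the stale socket file blocked the restart
    second.close()
    os.unlink(path)
    return True


def demo():
    """Return (restart_ok_without_cleanup, restart_ok_with_cleanup)."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "guest.agent")  # hypothetical socket name
        stale = run_guest_cycle(path, cleanup_on_shutdown=False)
        os.unlink(path)  # remove the leftover by hand, like the rm in the report
        clean = run_guest_cycle(path, cleanup_on_shutdown=True)
        return stale, clean
```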

Comment 6 zhenfeng wang 2015-02-03 07:53:47 UTC
I could reproduce this bug with libvirt-0.10.2-46.el6. Verified this bug with libvirt-0.10.2-48.el6; the guest can always start successfully with the agent in user mode.
1. Log in in non-root mode and make sure:
$ virsh uri
qemu:///session


2. Prepare a guest with agent:
$ virsh dumpxml rhel6b
......
<channel type='unix'>
      <source mode='bind' path='/home/test2/.libvirt/qemu/rhel6b.agent'/>
      <target type='virtio' name='org.qemu.guest_agent.0'/>
      <address type='virtio-serial' controller='0' bus='0' port='2'/>
    </channel>
.......
3. $ ll /home/test2/.libvirt/qemu/rhel6b.agent
ls: cannot access /home/test2/.libvirt/qemu/rhel6b.agent: No such file or directory

$ ll /home/test2/.libvirt/qemu/rhel6b.agent
ls: cannot access /home/test2/.libvirt/qemu/rhel6b.agent: No such file or directory

$ virsh start rhel6b
Domain rhel6b started

$ ll /home/test2/.libvirt/qemu/rhel6b.agent
srwxrwxr-x. 1 test2 test2 0 Feb  3 02:42 /home/test2/.libvirt/qemu/rhel6b.agent

$ virsh destroy rhel6b
Domain rhel6b destroyed

$ ll /home/test2/.libvirt/qemu/rhel6b.agent
ls: cannot access /home/test2/.libvirt/qemu/rhel6b.agent: No such file or directory

$ virsh start rhel6b
Domain rhel6b started

3. Do S3/S4 with the guest
$ virsh dompmsuspend rhel6b --target mem
Domain rhel6b successfully suspended
[test2@rhel67test ~]$ virsh list
 Id    Name                           State
----------------------------------------------------
 19    rhel6b                         pmsuspended

$ virsh dompmwakeup rhel6b
Domain rhel6b successfully woken up

$ virsh dompmsuspend rhel6b --target disk
Domain rhel6b successfully suspended

$ virsh list
 Id    Name                           State
----------------------------------------------------

$ virsh start rhel6b
Domain rhel6b started

According to the steps above, marking this bug verified

Comment 8 errata-xmlrpc 2015-07-22 05:46:13 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-1252.html

