1322837 – Setting LIBGUESTFS_HV causes security context to be reset

Bug 1322837 - Setting LIBGUESTFS_HV causes security context to be reset

Summary: Setting LIBGUESTFS_HV causes security context to be reset

Keywords:
Status:	NEW
Alias:	None
Product:	Virtualization Tools
Classification:	Community
Component:	libguestfs
Sub Component:
Version:	unspecified
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Richard W.M. Jones
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-03-31 12:23 UTC by Richard W.M. Jones
Modified:	2018-07-18 14:51 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Richard W.M. Jones 2016-03-31 12:23:10 UTC

Description of problem:

In bug 912499 we found that certain readonly tools (like virt-df)
would cause live guests to crash.  The reason is that these tools
would change the SELinux label on the guest's disk, and the guest
would suddenly lose access to its disk.  This was fixed upstream.

However the fix is faulty.  If LIBGUESTFS_HV is set (or the handle
hv is set in some other way) then the libvirt backend does not do
the label copying dance, and that can result in the above failure.

You can demonstrate this fairly easily:

(1) Choose the libvirt backend.

(2) Set LIBGUESTFS_HV to point to your qemu.

(3) Run the tests in the python subdirectory.

The regression test python/t/test820RHBZ912499.py will fail.

Version-Release number of selected component (if applicable):

libguestfs 1.33.16

How reproducible:

100%

Steps to Reproduce:
1. See above.

Additional info:

https://bugzilla.redhat.com/show_bug.cgi?id=912499
https://www.redhat.com/archives/libguestfs/2016-March/thread.html#00242

Note You need to log in before you can comment on or make changes to this bug.