Bug 1322837 - Setting LIBGUESTFS_HV causes security context to be reset
Summary: Setting LIBGUESTFS_HV causes security context to be reset
Keywords:
Status: NEW
Alias: None
Product: Virtualization Tools
Classification: Community
Component: libguestfs
Version: unspecified
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Richard W.M. Jones
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-03-31 12:23 UTC by Richard W.M. Jones
Modified: 2018-07-18 14:51 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:


Attachments (Terms of Use)

Description Richard W.M. Jones 2016-03-31 12:23:10 UTC
Description of problem:

In bug 912499 we found that certain readonly tools (like virt-df)
would cause live guests to crash.  The reason is that these tools
would change the SELinux label on the guest's disk, and the guest
would suddenly lose access to its disk.  This was fixed upstream.

However the fix is faulty.  If LIBGUESTFS_HV is set (or the handle
hv is set in some other way) then the libvirt backend does not do
the label copying dance, and that can result in the above failure.

You can demonstrate this fairly easily:

(1) Choose the libvirt backend.

(2) Set LIBGUESTFS_HV to point to your qemu.

(3) Run the tests in the python subdirectory.

The regression test python/t/test820RHBZ912499.py will fail.

Version-Release number of selected component (if applicable):

libguestfs 1.33.16

How reproducible:

100%

Steps to Reproduce:
1. See above.

Additional info:

https://bugzilla.redhat.com/show_bug.cgi?id=912499
https://www.redhat.com/archives/libguestfs/2016-March/thread.html#00242


Note You need to log in before you can comment on or make changes to this bug.