Created attachment 1261769 [details] virtlogd log Description of problem: 1) The guest includes a file-backend serial device as below: <serial type='file'> <source path='/var/log/libvirt/qemu/log' append='off'/> <log file='/var/log/libvirt/qemu/guestname-serial0.log' append='off'/> <target port='0'/> <alias name='serial0'/> </serial> 2) Start guest, then reload virtlogd, virtlogd will fail to open the backend file and exited with two possible status: a. At some times, virtlogd crashed: # systemctl status virtlogd ● virtlogd.service - Virtual machine log manager Loaded: loaded (/usr/lib/systemd/system/virtlogd.service; indirect; vendor preset: disabled) Active: failed (Result: core-dump) since Thu 2017-03-09 05:16:38 EST; 11s ago Docs: man:virtlogd(8) http://libvirt.org Process: 24245 ExecReload=/bin/kill -USR1 $MAINPID (code=exited, status=0/SUCCESS) Process: 23771 ExecStart=/usr/sbin/virtlogd $VIRTLOGD_ARGS (code=dumped, signal=SEGV) Main PID: 23771 (code=dumped, signal=SEGV) b. At some times, virtlogd exited with status=3: # systemctl status virtlogd ● virtlogd.service - Virtual machine log manager Loaded: loaded (/usr/lib/systemd/system/virtlogd.service; indirect; vendor preset: disabled) Active: failed (Result: exit-code) since Thu 2017-03-09 22:21:25 EST; 2s ago Docs: man:virtlogd(8) http://libvirt.org Process: 28655 ExecReload=/bin/kill -USR1 $MAINPID (code=exited, status=0/SUCCESS) Process: 28553 ExecStart=/usr/sbin/virtlogd $VIRTLOGD_ARGS (code=exited, status=3) Main PID: 28553 (code=exited, status=3) 3) Check the virtlogd.log: error : virRotatingFileWriterEntryNew:113 : Unable to open file: /var/log/libvirt/qemu/log: Permission denied Version-Release number of selected component: libvirt-3.1.0-2.el7.x86_64 How reproducible: 100% Steps to Reproduce: 1.Start guest 2.Reload virtlogd # systemctl reload virtlogd 3. Check the virtlogd status Actual results: virtlogd met "permission denied" and failed to reload Expected results: virtlogd reload successfully
Created attachment 1261770 [details] backtrace
The audit log: time->Thu Mar 9 22:27:45 2017 type=SYSCALL msg=audit(1489116465.428:100691): arch=c000003e syscall=2 success=no exit=-13 a0=7fa9883f6420 a1=80441 a2=180 a3=7fa9883f5b80 items=0 ppid=1 pid=28818 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="virtlogd" exe="/usr/sbin/virtlogd" subj=system_u:system_r:virtlogd_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1489116465.428:100691): avc: denied { dac_override } for pid=28818 comm="virtlogd" capability=1 scontext=system_u:system_r:virtlogd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:virtlogd_t:s0-s0:c0.c1023 tclass=capability
I seems that the failed status depends on the log_level of virtlogd: a. when log_level is set to 1 in virtlogd.conf, virtlogd crashed b. when log_level is set to the default value in virtlogd.conf, virtlogd exited with status=3
Upstream commit: commit e13e8808f9270f4b3b6f4abb8ec473eef81cc1b9 Author: Pavel Hrdina <phrdina> Date: Mon May 29 14:27:51 2017 +0200 security: don't relabel chardev source if virtlogd is used as stdio handler v3.4.0-129-ge13e8808f9
Verify pass with libvirt-3.8.0-1.virtcov.el7.x86_64
*** Bug 1483466 has been marked as a duplicate of this bug. ***
*** Bug 1541268 has been marked as a duplicate of this bug. ***
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2018:0704