Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1582414

Summary:	Can not connect to virtlogd uri scheme using Admin API
Product:	Red Hat Enterprise Linux Advanced Virtualization	Reporter:	Lili Zhu <lizhu>
Component:	libvirt	Assignee:	Virtualization Maintenance <virt-maint>
Status:	CLOSED WONTFIX	QA Contact:	Lili Zhu <lizhu>
Severity:	low	Docs Contact:
Priority:	low
Version:	8.1	CC:	dyuan, eskultet, fjin, hhan, jsuchane, lmen, xuzhang
Target Milestone:	rc	Keywords:	Triaged
Target Release:	---	Flags:	pm-rhel: mirror+
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:		Doc Type:	If docs needed, set a value
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2021-02-15 07:38:58 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Lili Zhu 2018-05-25 07:14:32 UTC

Description of problem:
Can not connect to virtlogd uri scheme using Admin API

Version-Release number of selected component (if applicable):
libvirt-4.3.0-1.el7.x86_64
qemu-kvm-rhev-2.10.0-21.el7_5.3.x86_64

How reproducible:
100%

Steps to Reproduce:
1. start virtlogd deamon

2. try to connect virtlogd uri scheme
# virt-admin -c virtlogd:///system 
error: Failed to connect to the admin server
error: Failed to open file '/proc/9491/stat': Permission denied

3. check the log
# tail /var/log/messages
May 25 15:03:18 client virtlogd: 2018-05-25 07:03:18.908+0000: 8723: error : virFileReadAll:1420 : Failed to open file '/proc/9491/stat': Permission denied
May 25 15:03:18 client dbus[752]: [system] Activating service name='org.fedoraproject.Setroubleshootd' (using servicehelper)
May 25 15:03:18 client virtlogd: 2018-05-25 07:03:18.910+0000: 8723: error : virFileReadAll:1420 : Failed to open file '/proc/9491/stat': Permission denied
May 25 15:03:18 client virtlogd: 2018-05-25 07:03:18.912+0000: 8723: error : virNetSocketReadWire:1806 : End of file while reading data: Input/output error
May 25 15:03:19 client dbus[752]: [system] Successfully activated service 'org.fedoraproject.Setroubleshootd'
May 25 15:03:20 client setroubleshoot: SELinux is preventing /usr/sbin/virtlogd from search access on the directory 9491. For complete SELinux messages run: sealert -l 755e204b-26ba-43c1-a892-e4eacf151442
May 25 15:03:20 client python: SELinux is preventing /usr/sbin/virtlogd from search access on the directory 9491.#012#012*****  Plugin catchall (100. confidence) suggests   **************************#012#012If you believe that virtlogd should be allowed search access on the 9491 directory by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# ausearch -c 'virtlogd' --raw | audit2allow -M my-virtlogd#012# semodule -i my-virtlogd.pp#012
May 25 15:03:23 client setroubleshoot: SELinux is preventing /usr/sbin/virtlogd from search access on the directory 9491. For complete SELinux messages run: sealert -l 755e204b-26ba-43c1-a892-e4eacf151442
May 25 15:03:23 client python: SELinux is preventing /usr/sbin/virtlogd from search access on the directory 9491.#012#012*****  Plugin catchall (100. confidence) suggests   **************************#012#012If you believe that virtlogd should be allowed search access on the 9491 directory by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# ausearch -c 'virtlogd' --raw | audit2allow -M my-virtlogd#012# semodule -i my-virtlogd.pp#012


Actual results:
can not connect

Expected results:
can connect

Additional info:
After setting selinux to permissive, can connect to virtlogd uri scheme.

Comment 2 Han Han 2018-05-28 01:02:29 UTC

PID 9491 in Description is belong to virt-admin process. You can use fork tracker stap script to check it.
fork tracker: https://sourceware.org/systemtap/examples/process/forktracker.stp

Comment 5 RHEL Program Management 2021-02-15 07:38:58 UTC

After evaluating this issue, there are no plans to address it further or fix it in an upcoming release.  Therefore, it is being closed.  If plans change such that this issue will be fixed in an upcoming release, then the bug can be reopened.