Bug 1672259

+++ This bug was initially created as a clone of Bug #1670337 +++

Description of problem:
If start guest with an empty cdrom, try to change media for it, will fail with 'Permission denied' error.

Version-Release number of selected component (if applicable):
libvirt-4.5.0-20.module+el8+2724+8292f19c.x86_64
qemu-kvm-2.12.0-60.module+el8+2725+0ab65287.x86_64
selinux-policy-3.14.1-52.el8.noarch

How reproducible:
100%

Steps to Reproduce:
1. Start a guest with an extra empty cdrom:
    <disk type='file' device='cdrom'>
      <driver name='qemu'/>
      <target dev='hdc' bus='scsi'/>
      <readonly/>
      <alias name='scsi0-0-0-2'/>
      <address type='drive' controller='0' bus='0' target='0' unit='2'/>
    </disk>

2. Change media for it:
# qemu-img create /var/lib/libvirt/images/test-sr0.img 50M
Formatting '/var/lib/libvirt/images/test-sr0.img', fmt=raw size=52428800

# virsh change-media avocado-vt-vm1 hdc  /var/lib/libvirt/images/test-sr0.img --insert
error: Failed to complete action insert on media
error: internal error: unable to execute QEMU command 'change': Could not open '/var/lib/libvirt/images/test-sr0.img': Permission denied

# cat avocado-vt-vm1.xml-update
    <disk type='file' device='cdrom'>
      <driver name='qemu' type='raw'/>
      <source file='/var/lib/libvirt/images/test-sr0.img'/>
      <backingStore/>
      <target dev='hdc' bus='scsi'/>
      <readonly/>
      <alias name='scsi0-0-0-2'/>
      <address type='drive' controller='0' bus='0' target='0' unit='2'/>
    </disk>
# virsh update-device avocado-vt-vm1 avocado-vt-vm1.xml-update --live
error: Failed to update device from avocado-vt-vm1.xml-update
error: internal error: unable to execute QEMU command 'change': Could not open '/var/lib/libvirt/images/test-sr0.img': Permission denied


Actual results:
As in step3, guest media device update failed with 'Permission denied' error. 

Expected results:
Guest media device should be successfully updated without any error.

Additional info:
1. Guest with the media inserted in cdrom can be started successfully. And then media eject or re-insert can be done successfully. So issue only happens when media change for the guest which was started with empty cdrom.
# virsh edit avocado-vt-vm1
Domain avocado-vt-vm1 XML configuration edited.

# virsh start avocado-vt-vm1
Domain avocado-vt-vm1 started

# virsh dumpxml avocado-vt-vm1|grep 'cdrom' -A8
    <disk type='file' device='cdrom'>
      <driver name='qemu' type='raw'/>
      <source file='/var/lib/libvirt/images/test-sr0.img'/>
      <backingStore/>
      <target dev='hdc' bus='scsi'/>
      <readonly/>
      <alias name='scsi0-0-0-2'/>
      <address type='drive' controller='0' bus='0' target='0' unit='2'/>
    </disk>

#  virsh change-media avocado-vt-vm1 hdc  /var/lib/libvirt/images/test-sr0.img --eject
Successfully ejected media.

#  virsh change-media avocado-vt-vm1 hdc  /var/lib/libvirt/images/test-sr0.img --insert
Successfully inserted media.

2.Not reproduced on following and previous version:
libvirt-4.5.0-18.module+el8+2691+dc742e5d.x86_64
qemu-kvm-2.12.0-58.module+el8+2707+d0d29961.x86_64
selinux-policy-3.14.1-51.el8.noarch

3.Errors in logs:
(a)# cat libvirtd.log |grep error
2019-01-29 09:16:23.784+0000: 25770: debug : qemuMonitorJSONIOProcessLine:197 : Line [{"id": "libvirt-18", "error": {"class": "GenericError", "desc": "Could not open '/var/lib/libvirt/images/test-sr0.img': Permission denied"}}]
2019-01-29 09:16:23.784+0000: 25770: debug : virJSONValueFromString:1814 : string={"id": "libvirt-18", "error": {"class": "GenericError", "desc": "Could not open '/var/lib/libvirt/images/test-sr0.img': Permission denied"}}
2019-01-29 09:16:23.784+0000: 25770: info : qemuMonitorJSONIOProcessLine:217 : QEMU_MONITOR_RECV_REPLY: mon=0x7fe2f802f090 reply={"id": "libvirt-18", "error": {"class": "GenericError", "desc": "Could not open '/var/lib/libvirt/images/test-sr0.img': Permission denied"}}
2019-01-29 09:16:23.784+0000: 25775: debug : virJSONValueToString:2005 : result={"id":"libvirt-18","error":{"class":"GenericError","desc":"Could not open '/var/lib/libvirt/images/test-sr0.img': Permission denied"}}
2019-01-29 09:16:23.784+0000: 25775: debug : qemuMonitorJSONCheckError:385 : unable to execute QEMU command {"execute":"change","arguments":{"device":"drive-scsi0-0-0-2","target":"/var/lib/libvirt/images/test-sr0.img","arg":"raw"},"id":"libvirt-18"}: {"id":"libvirt-18","error":{"class":"GenericError","desc":"Could not open '/var/lib/libvirt/images/test-sr0.img': Permission denied"}}
2019-01-29 09:16:23.784+0000: 25775: error : qemuMonitorJSONCheckError:396 : internal error: unable to execute QEMU command 'change': Could not open '/var/lib/libvirt/images/test-sr0.img': Permission denied
(b)# cat audit.log |grep avc -i
type=AVC msg=audit(1548753383.783:12155): avc:  denied  { write } for  pid=26104 comm="qemu-kvm" name="test-sr0.img" dev="dm-0" ino=67920256 scontext=system_u:system_r:svirt_t:s0:c423,c1007 tcontext=system_u:object_r:virt_content_t:s0 tclass=file permissive=0
type=AVC msg=audit(1548753383.790:12159): avc:  denied  { net_admin } for  pid=26261 comm="dbus-daemon-lau" capability=12  scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tclass=capability permissive=0
type=AVC msg=audit(1548753383.790:12160): avc:  denied  { net_admin } for  pid=26261 comm="dbus-daemon-lau" capability=12  scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tclass=capability permissive=0
type=AVC msg=audit(1548753383.792:12161): avc:  denied  { noatsecure } for  pid=26261 comm="dbus-daemon-lau" scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tclass=process permissive=0
type=AVC msg=audit(1548753383.792:12161): avc:  denied  { rlimitinh } for  pid=26261 comm="setroubleshootd" scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tclass=process permissive=0
type=AVC msg=audit(1548753383.792:12161): avc:  denied  { siginh } for  pid=26261 comm="setroubleshootd" scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tclass=process permissive=0


--- Additional comment from Peter Krempa on 2019-02-01 18:01:01 CET ---

This is a regression from https://bugzilla.redhat.com/show_bug.cgi?id=1553255

Fix posted upstream:

https://www.redhat.com/archives/libvir-list/2019-February/msg00060.html

--- Additional comment from Peter Krempa on 2019-02-04 09:55:31 CET ---

Fixed upstream:

commit 6db0d033839807aec885e10b5a45748da016e261
Author: Peter Krempa <pkrempa>
Date:   Fri Feb 1 17:54:46 2019 +0100

    qemu: command: Don't skip 'readonly' and throttling info for empty drive
    
    In commit f80eae8c2ae I was too agresive in removing properties of
    -drive for empty drives. It turns out that qemu actually persists the
    state of 'readonly' and the throttling information even for the empty
    drive.
    
    Removing 'readonly' thus made qemu open any subsequent images added via
    the 'change' command as RW which was forbidden by selinux thanks to the
    restrictive sVirt label for readonly media.
    
    Fix this by formating the property again and bump the tests and leave a
    note detailing why the rest of the properties needs to be skipped.