Description:
Destroy vm with ongoing blockcopy will leave xattr on destination image

Versions:
libvirt-5.6.0-4.module+el8.1.0+4160+b50057dc.x86_64

How reproducible:
100%

Steps:
1. create a transient vm
[root@ibm-x3250m6-06 domain]# virsh create /root/vm.xml
Domain avocado-vt-vm1 created from /root/vm.xml

2. do blockcopy
[root@ibm-x3250m6-06 domain]# virsh blockcopy avocado-vt-vm1 vda /tmp/disk.copy
Block Copy started
[root@ibm-x3250m6-06 domain]# virsh blockjob avocado-vt-vm1 vda
Block Copy: [100 %]

3. destroy vm
[root@ibm-x3250m6-06 domain]# virsh destroy avocado-vt-vm1
Domain avocado-vt-vm1 destroyed

4. the destination image will have some xattrs as follows:
[root@ibm-x3250m6-06 domain]# getfattr -n trusted.libvirt.security.ref_selinux /tmp/disk.copy
getfattr: Removing leading '/' from absolute path names
# file: tmp/disk.copy
trusted.libvirt.security.ref_selinux="1"
I think this might be fixed meanwhile, but let me check before declaring it so. Unfortunately, it didn't get enough attention.
Yeah, I can't reproduce anymore. Should I make this TestOnly so that it's properly tested?
I just tried this with the latest 8.3.1 av build and it still seems reproducible, please have a check.

[root@dell-per740xd-12 ~]# rpm -qa | grep ^libvirt-6
libvirt-6.6.0-8.module+el8.3.1+8648+130818f2.x86_64
[root@dell-per740xd-12 ~]# virsh create vm.xml
Domain vm1 created from vm.xml
[root@dell-per740xd-12 ~]# virsh blockcopy vm1 vda /tmp/disk.copy
Block Copy started
[root@dell-per740xd-12 ~]# virsh blockjob vm1 vda
Block Copy: [ 60 %]
[root@dell-per740xd-12 ~]# virsh destroy vm1
Domain vm1 destroyed
[root@dell-per740xd-12 ~]# getfattr -n trusted.libvirt.security.ref_selinux /tmp/disk.copy
getfattr: Removing leading '/' from absolute path names
# file: tmp/disk.copy
trusted.libvirt.security.ref_selinux="1"    <=== here the blockcopy target file has xattr left

And if we do a blockcopy with --reuse-external again, it will fail.

[root@dell-per740xd-12 ~]# virsh create vm.xml
Domain vm1 created from vm.xml
[root@dell-per740xd-12 ~]# virsh blockcopy vm1 vda /tmp/disk.copy --reuse-external
error: Requested operation is not valid: Setting different SELinux label on /tmp/disk.copy which is already in use
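An added example, not part of the bug comments and not libvirt's own code: a check that parses getfattr dump output for leftover trusted.libvirt.security.ref_* counters and reports files that no running domain uses, as /tmp/disk.copy is after the destroy above. It goes slightly beyond the report by accepting any ref_* counter, not only ref_selinux. It assumes the text comes from getfattr -d -m 'trusted.libvirt.security' --absolute-names and that the list of in-use disk paths is gathered separately (for example from virsh domblklist); the function names and the sample are constructed.

```python
import re

# Assumption: input is the text printed by
#   getfattr -d -m 'trusted.libvirt.security' --absolute-names <files...>
# (--absolute-names keeps the leading '/' so paths compare directly).
REF_ATTR = re.compile(r'^trusted\.libvirt\.security\.ref_(\w+)="(\d+)"$')


def parse_getfattr(text):
    """Return {path: {driver: refcount}} for libvirt ref_* xattrs."""
    refs, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# file: "):
            current = line[len("# file: "):]
        elif current and (m := REF_ATTR.match(line)):
            refs.setdefault(current, {})[m.group(1)] = int(m.group(2))
    return refs


def stale_refs(text, in_use_paths):
    """Paths whose refcount is above zero although no running domain uses them."""
    in_use = set(in_use_paths)
    return sorted(
        path
        for path, counters in parse_getfattr(text).items()
        if path not in in_use and any(count > 0 for count in counters.values())
    )


# Constructed sample: the first file mirrors the leftover from this report,
# the second stands for a disk that a running domain still holds.
SAMPLE = """\
# file: /tmp/disk.copy
trusted.libvirt.security.ref_selinux="1"

# file: /var/lib/libvirt/images/vm1.qcow2
trusted.libvirt.security.ref_selinux="1"
trusted.libvirt.security.selinux="system_u:object_r:virt_image_t:s0"
"""

if __name__ == "__main__":
    # Hypothetical in-use list; in practice collect it from running domains.
    for path in stale_refs(SAMPLE, ["/var/lib/libvirt/images/vm1.qcow2"]):
        print("stale libvirt seclabel refcount:", path)
```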
Patch proposed upstream: https://www.redhat.com/archives/libvir-list/2020-December/msg00541.html
Merged upstream:

5ac2439a83 qemu_process: Release domain seclabel later in qemuProcessStop()

v6.10.0-322-g5ac2439a83
PreVerified with libvirt-6.10.0-1.fc34.x86_64
result: PASS

➜ fedora virsh start pc
Domain 'pc' started

➜ fedora virsh undefine pc
Domain 'pc' has been undefined

➜ fedora virsh blockcopy pc vda /tmp/disk.copy
Block Copy started

➜ fedora virsh blockjob pc vda; virsh destroy pc
Block Copy: [ 20 %]

Domain 'pc' destroyed

➜ fedora getfattr -n trusted.libvirt.security.ref_selinux /tmp/disk.copy
/tmp/disk.copy: trusted.libvirt.security.ref_selinux: No such attribute
PASSED: libvirt-7.0.0-1.module+el8.4.0+9464+3e71831a.x86_64
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (virt:av bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2021:2098