1770272 – virt-handler fails to start due to a missing SEinux policy file

Bug 1770272 - virt-handler fails to start due to a missing SEinux policy file

Summary: virt-handler fails to start due to a missing SEinux policy file

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Container Native Virtualization (CNV)
Classification:	Red Hat
Component:	Virtualization
Sub Component:
Version:	2.2.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	---
Target Release:	2.2.0
Assignee:	Marc Sluiter
QA Contact:	vsibirsk
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2019-11-08 15:14 UTC by Simone Tiraboschi
Modified:	2020-01-30 16:27 UTC (History)
CC List:	7 users (show)
Fixed In Version:	virt-handler:v2.2.0-3, HCO 100 (rh-verified-operators)
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2020-01-30 16:27:30 UTC
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHEA-2020:0307	0	None	None	None	2020-01-30 16:27:42 UTC

Description Simone Tiraboschi 2019-11-08 15:14:43 UTC

Description of problem:
virt-handler fails to start due to a missing SEinux policy file:
[cnv-qe-jenkins@cnv-executor-stirabos ~]$ oc logs -n openshift-cnv                                           virt-handler-mdqcq
{"component":"virt-handler","hostname":"host-172-16-0-29","level":"info","pos":"virt-handler.go:187","timestamp":"2019-11-08T14:41:54.264904Z"}
panic: failed to install virt-launcher selinux policy: failed to copy policy /var/run/kubevirt/base_container.cil - err: failed to read a policy file /base_container.cil: open /base_container.cil: no such file or directory
 
goroutine 1 [running]:
main.(*virtHandlerApp).Run(0xc000406300)
        /go/src/kubevirt.io/kubevirt/cmd/virt-handler/virt-handler.go:219 +0x1b70
main.main()
        /go/src/kubevirt.io/kubevirt/cmd/virt-handler/virt-handler.go:461 +0x6e

Version-Release number of selected component (if applicable):
container-native-virtualization-virt-operator:v2.2.0-2
container-native-virtualization-hyperconverged-cluster-operator:v2.2.0-3

How reproducible:
100%

Steps to Reproduce:
1. try to deploy CNV
2.
3.

Actual results:
openshift-cnv                                           virt-handler-5qq5g                                                0/1     CrashLoopBackOff   13         43m

Expected results:
virt-handler correctly starts

Additional info:

Comment 4 Israel Pinto 2019-12-19 17:57:28 UTC

Wrong BZ sorry for the mass

Comment 5 vsibirsk 2019-12-22 15:07:40 UTC

verified on:

oc version
Client Version: v4.2.5
Server Version: 4.3.0-0.nightly-2019-12-19-050538
Kubernetes Version: v1.16.2

oc get csv -n openshift-cnv
NAME                                      DISPLAY                                    VERSION   REPLACES                                  PHASE
kubevirt-hyperconverged-operator.v2.2.0   Container-native virtualization Operator   2.2.0     kubevirt-hyperconverged-operator.v2.1.0   Succeeded


after deploying cnv all virt-handler pods are up and running, base_container.cil & virt_launcher.cil files are inside pods.

Comment 7 errata-xmlrpc 2020-01-30 16:27:30 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2020:0307

Note You need to log in before you can comment on or make changes to this bug.