1792814 – xattr on target image not cleaned when blockcommit finished

Bug 1792814 - xattr on target image not cleaned when blockcommit finished

Summary: xattr on target image not cleaned when blockcommit finished

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux Advanced Virtualization
Classification:	Red Hat
Component:	libvirt
Sub Component:
Version:	8.2
Hardware:	x86_64
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	rc
Target Release:	8.0
Assignee:	Michal Privoznik
QA Contact:	yisun
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2020-01-20 03:53 UTC by yisun
Modified:	2021-02-22 15:39 UTC (History)
CC List:	7 users (show)
Fixed In Version:	libvirt-6.6.0-8.el8
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2021-02-22 15:39:38 UTC
Type:	Bug
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description yisun 2020-01-20 03:53:04 UTC

Description of problem:
xattr on target image not cleaned when blockcommit finished

Version-Release number of selected component (if applicable):
(.libvirt-ci-venv-ci-runtest-jcaFve) [root@dell-per730-67 ~]# rpm -qa | egrep "^libvirt-6|^qemu-kvm-4"
qemu-kvm-4.2.0-6.module+el8.2.0+5453+31b2b136.x86_64
libvirt-6.0.0-1.module+el8.2.0+5453+31b2b136.x86_64

How reproducible:
100

Not reproduced with:
libvirt-5.9.0-4.module+el8.2.0+4836+a8e32ad7.x86_64
qemu-kvm qemu-kvm-4.2.0-1.module+el8.2.0+4793+b09dd2fb.x86_64

Steps to Reproduce:
1. create 2 snapshots for vm1
(.libvirt-ci-venv-ci-runtest-jcaFve) [root@dell-per730-67 ~]# virsh snapshot-create-as vm1 s1 --disk-only
Domain snapshot s1 created
(.libvirt-ci-venv-ci-runtest-jcaFve) [root@dell-per730-67 ~]# virsh snapshot-create-as vm1 s2 --disk-only
Domain snapshot s2 created

2. blockcommit from s1 to base image
(.libvirt-ci-venv-ci-runtest-jcaFve) [root@dell-per730-67 ~]# virsh blockcommit vm1 vda --top /var/lib/avocado/data/avocado-vt/images/jeos-27-x86_64.s1  --base /var/lib/avocado/data/avocado-vt/images/jeos-27-x86_64.qcow2
Block Commit started
(.libvirt-ci-venv-ci-runtest-jcaFve) [root@dell-per730-67 ~]# virsh blockjob vm1 vda
No current block job for vda

3. create another snapshot s3
(.libvirt-ci-venv-ci-runtest-jcaFve) [root@dell-per730-67 ~]# virsh snapshot-create-as vm1 s3 --disk-only
Domain snapshot s3 created

4. do blockcommit from s3 to base image, failed
(.libvirt-ci-venv-ci-runtest-jcaFve) [root@dell-per730-67 ~]# virsh blockcommit vm1 vda --top /var/lib/avocado/data/avocado-vt/images/jeos-27-x86_64.s3  --base /var/lib/avocado/data/avocado-vt/images/jeos-27-x86_64.qcow2 --pivot
error: internal error: child reported (status=125): Requested operation is not valid: Setting different SELinux label on /var/lib/avocado/data/avocado-vt/images/jeos-27-x86_64.qcow2 which is already in use

5. (.libvirt-ci-venv-ci-runtest-jcaFve) [root@dell-per730-67 ~]# getfattr -n trusted.libvirt.security.ref_selinux  /var/lib/avocado/data/avocado-vt/images/jeos-27-x86_64.qcow2
getfattr: Removing leading '/' from absolute path names
# file: var/lib/avocado/data/avocado-vt/images/jeos-27-x86_64.qcow2
trusted.libvirt.security.ref_selinux="1"


Actual results:
As above, step 4 failed due to base image's xattr not clean

Expected results:
xattr cleaned after step 2 successful

Comment 3 yisun 2020-11-12 08:48:47 UTC

behaviour changed a little in latest rhelav build:
libvirt-6.6.0-8.module+el8.3.1+8648+130818f2.x86_64
qemu-kvm-5.1.0-13.module+el8.3.0+8424+e82f331d.x86_64

[root@dell-per730-62 ~]# virsh snapshot-create-as vm1 s1 --disk-only
Domain snapshot s1 created
[root@dell-per730-62 ~]# virsh snapshot-create-as vm1 s2 --disk-only
Domain snapshot s2 created
[root@dell-per730-62 ~]# fvirsh blockcommit vm1 vda --top /var/lib/libvirt/images/jeos-27-x86_64.s1  --base /var/lib/libvirt/images/jeos-27-x86_64.qcow2
-bash: fvirsh: command not found
[root@dell-per730-62 ~]# getenforce 
Enforcing
[root@dell-per730-62 ~]# virsh blockcommit vm1 vda --top /var/lib/libvirt/images/jeos-27-x86_64.s1  --base /var/lib/libvirt/images/jeos-27-x86_64.qcow2
Block Commit started
[root@dell-per730-62 ~]# virsh blockjob vm1 vda
No current block job for vda
[root@dell-per730-62 ~]# virsh snapshot-create-as vm1 s3 --disk-only
Domain snapshot s3 created
[root@dell-per730-62 ~]# virsh blockcommit vm1 vda --top /var/lib/libvirt/images/jeos-27-x86_64.s3  --base /var/lib/libvirt/images/jeos-27-x86_64.qcow2 --pivot
Successfully pivoted
<======= not failed here
[root@dell-per730-62 ~]# getfattr -n trusted.libvirt.security.ref_selinux  /var/lib/libvirt/images/jeos-27-x86_64.qcow2
getfattr: Removing leading '/' from absolute path names
# file: var/lib/libvirt/images/jeos-27-x86_64.qcow2
trusted.libvirt.security.ref_selinux="1"

Comment 4 Michal Privoznik 2020-11-12 12:05:48 UTC

(In reply to yisun from comment #3)
> behaviour changed a little in latest rhelav build:
> libvirt-6.6.0-8.module+el8.3.1+8648+130818f2.x86_64
> qemu-kvm-5.1.0-13.module+el8.3.0+8424+e82f331d.x86_64
> 

> [root@dell-per730-62 ~]# virsh blockcommit vm1 vda --top
> /var/lib/libvirt/images/jeos-27-x86_64.s3  --base
> /var/lib/libvirt/images/jeos-27-x86_64.qcow2 --pivot
> Successfully pivoted
> <======= not failed here
> [root@dell-per730-62 ~]# getfattr -n trusted.libvirt.security.ref_selinux 
> /var/lib/libvirt/images/jeos-27-x86_64.qcow2
> getfattr: Removing leading '/' from absolute path names
> # file: var/lib/libvirt/images/jeos-27-x86_64.qcow2
> trusted.libvirt.security.ref_selinux="1"

Isn't this expected? The disk was pivoted back to /var/lib/libvirt/images/jeos-27-x86_64.qcow2 and thus the file was relabeled and is in use (one time exactly). I think, what you'll find is that 'virsh domblklist vm1' will print:

 Target   Source
-------------------------------------------------
 vda      /var/lib/libvirt/images/jeos-27-x86_64.qcow2


In my opinion, this is fixed.

Comment 5 yisun 2020-11-13 03:02:41 UTC

(In reply to Michal Privoznik from comment #4)
> (In reply to yisun from comment #3)
> > behaviour changed a little in latest rhelav build:
> > libvirt-6.6.0-8.module+el8.3.1+8648+130818f2.x86_64
> > qemu-kvm-5.1.0-13.module+el8.3.0+8424+e82f331d.x86_64
> > 
> 
> > [root@dell-per730-62 ~]# virsh blockcommit vm1 vda --top
> > /var/lib/libvirt/images/jeos-27-x86_64.s3  --base
> > /var/lib/libvirt/images/jeos-27-x86_64.qcow2 --pivot
> > Successfully pivoted
> > <======= not failed here
> > [root@dell-per730-62 ~]# getfattr -n trusted.libvirt.security.ref_selinux 
> > /var/lib/libvirt/images/jeos-27-x86_64.qcow2
> > getfattr: Removing leading '/' from absolute path names
> > # file: var/lib/libvirt/images/jeos-27-x86_64.qcow2
> > trusted.libvirt.security.ref_selinux="1"
> 
> Isn't this expected? The disk was pivoted back to
> /var/lib/libvirt/images/jeos-27-x86_64.qcow2 and thus the file was relabeled
> and is in use (one time exactly). I think, what you'll find is that 'virsh
> domblklist vm1' will print:
> 
>  Target   Source
> -------------------------------------------------
>  vda      /var/lib/libvirt/images/jeos-27-x86_64.qcow2
> 
> 
> In my opinion, this is fixed.

hmm, yes, it's fixed. I'll directly set this to verified.

Comment 8 errata-xmlrpc 2021-02-22 15:39:38 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (virt:8.3 bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:0639

Note You need to log in before you can comment on or make changes to this bug.