Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1884276

Summary: Pod with kata-runtime won't start, QEMU: "vhost_user_dev init failed, Operation not permitted" [mkdtemp failing in sandboxing]
Product: Red Hat Enterprise Linux Advanced Virtualization
Reporter: Jens Freimann <jfreiman>
Component: qemu-kvm
Assignee: Dr. David Alan Gilbert <dgilbert>
qemu-kvm sub component: virtio-fs
QA Contact: menli <menli>
Status: CLOSED ERRATA
Severity: high
Priority: high
CC: aadam, ailan, aos-bugs, cmeadors, ddepaula, dgilbert, ehadley, fidencio, jinzhao, juzhang, lijin, mjenner, mtessun, qcai, sgarzare, stefanha, toneata, virt-maint
Version: 8.3
Keywords: TestBlocker, ZStream
Target Milestone: rc
Flags: pm-rhel: mirror+
Target Release: 8.3
Hardware: x86_64
OS: Linux
Fixed In Version: qemu-kvm-5.1.0-14.module+el8.3.0+8438+644aff69
Clone Of: 1880932
: 1889306
Last Closed: 2020-11-17 17:51:44 UTC
Type: Bug
Bug Depends On: 1880932
Bug Blocks: 1889306

Comment 1 Jens Freimann 2020-10-06 14:10:20 UTC
A patch was posted by stefanha on qemu-devel, subject "[PATCH] virtiofsd: avoid /proc/self/fd tempdir"

It gets rid of the temporary directory; this means it fixes our problem and we don't
need an additional fix of the SELinux rules.

Fabiano and I tested it and verified that it solves the problem we see here.

Comment 4 Danilo de Paula 2020-10-08 14:02:54 UTC
Moving it back to ASSIGNED.
This is targeting av-8.3.0, no patch has been posted in the downstream list.

Comment 6 Cameron Meadors 2020-10-08 14:49:15 UTC
I will be verifying this through my kata containers testing with openshift.

Comment 8 Danilo de Paula 2020-10-08 18:16:31 UTC
Since there's commitment to get this done, and since Jens is already working to backport the patch, I believe we can grant devel+ on that premise.

Comment 9 Cameron Meadors 2020-10-09 14:57:11 UTC
I have verified the fix works on a scratch build.  Pods can stop and start.

Cluster version is 4.6.0-0.nightly-2020-10-06-122805

On the nodes:
# rpm -qa qemu*
qemu-kvm-core-4.2.0-32.module+el8.2.1+6815+1c792dc8.1.jfreiman202010081315.x86_64
qemu-img-4.2.0-32.module+el8.2.1+6815+1c792dc8.1.jfreiman202010081315.x86_64
qemu-kvm-common-4.2.0-32.module+el8.2.1+6815+1c792dc8.1.jfreiman202010081315.x86_64

From a quick scan, I don't see any obvious errors or warnings in logs.

Will retest on official builds with openshift rc when available.

Comment 10 Dr. David Alan Gilbert 2020-10-12 15:46:15 UTC
Commit just landed upstream:

ebf101955ce8f8d72fba virtiofsd: avoid /proc/self/fd tempdir

Comment 11 Dr. David Alan Gilbert 2020-10-12 18:40:06 UTC
Taking this

Comment 16 menli@redhat.com 2020-10-19 07:21:46 UTC
Ran regular regression testing on qemu-kvm-5.1.0-14.module+el8.3.0+8438+644aff69; the change does not break normal operation.

Changing status to verified.

Comment 18 Qian Cai 2020-10-22 21:35:54 UTC
*** Bug 1890718 has been marked as a duplicate of this bug. ***

Comment 20 errata-xmlrpc 2020-11-17 17:51:44 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (virt:8.3 bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:5137