2012223 – Operation not permitted in setting unpriv_sgio for KubeVirt [rhel-8.4.0.z]

Bug 2012223 - Operation not permitted in setting unpriv_sgio for KubeVirt [rhel-8.4.0.z]

Summary: Operation not permitted in setting unpriv_sgio for KubeVirt [rhel-8.4.0.z]

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux Advanced Virtualization
Classification:	Red Hat
Component:	libvirt
Sub Component:
Version:	8.5
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	rc
Target Release:	8.5
Assignee:	Michal Privoznik
QA Contact:	Han Han
Docs Contact:
URL:
Whiteboard:
Depends On:	2010306
Blocks:
TreeView+	depends on / blocked

Reported:	2021-10-08 15:16 UTC by RHEL Program Management Team
Modified:	2021-11-03 08:47 UTC (History)
CC List:	9 users (show)
Fixed In Version:	libvirt-7.0.0-14.5.el8
Doc Type:	Bug Fix
Doc Text:	Cause: When a guest has a LUN disk or a SCSI controller passtrhough configured and either of these has sgio attribute set (either to 'unfiltered' or 'filtered') then libvirt sets a value under /sys (aka sysfs) to allow the guest (running as unprivileged) to issue or prevent from issuing of privileged SCSI commands (aka unprivileged SGIO). However, when libvirt runs inside a container where it's possible that sysfs was prepared upfront and is not writable then setting the value fails which in turn aborts the guest startup. Well, it's possible that the orchestration tool that runs the container has set up the correct value upfront so libvirt doesn't need to bother in that case. Consequence: Guests with LUNs or passedthrough SCSI controllers might have been denied to start. Fix: When the conditions are met for libvirt to set the unprivileged SGIO it firstly check whether the desired value is not set already and tries to change it only if it isn't. Result: Guest can now run happily in containers.
Clone Of:	2010306
Environment:
Last Closed:	2021-11-03 08:47:19 UTC
Type:	---
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	RHELPLAN-99357	0	None	None	None	2021-10-09 07:29:30 UTC

Comment 4 Han Han 2021-10-21 09:30:49 UTC

Verified as https://bugzilla.redhat.com/show_bug.cgi?id=2010306#c22 on libvirt-7.0.0-14.5.module+el8.4.0+13026+f38c77ab.x86_64 qemu-kvm-5.2.0-16.module+el8.4.0+12596+209e4022.10.x86_64

Comment 6 errata-xmlrpc 2021-11-03 08:47:19 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: virt:av and virt-devel:av security and bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:4112

Note You need to log in before you can comment on or make changes to this bug.