Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 2012223

Summary: Operation not permitted in setting unpriv_sgio for KubeVirt [rhel-8.4.0.z]
Product: Red Hat Enterprise Linux Advanced Virtualization Reporter: RHEL Program Management Team <pgm-rhel-tools>
Component: libvirtAssignee: Michal Privoznik <mprivozn>
Status: CLOSED ERRATA QA Contact: Han Han <hhan>
Severity: high Docs Contact:
Priority: high    
Version: 8.5CC: abologna, fdeutsch, jdenemar, jsuchane, lmen, mprivozn, virt-maint, yalzhang, ymankad
Target Milestone: rcKeywords: Triaged, Upstream, ZStream
Target Release: 8.5Flags: pm-rhel: mirror+
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: libvirt-7.0.0-14.5.el8 Doc Type: Bug Fix
Doc Text:
Cause: When a guest has a LUN disk or a SCSI controller passtrhough configured and either of these has sgio attribute set (either to 'unfiltered' or 'filtered') then libvirt sets a value under /sys (aka sysfs) to allow the guest (running as unprivileged) to issue or prevent from issuing of privileged SCSI commands (aka unprivileged SGIO). However, when libvirt runs inside a container where it's possible that sysfs was prepared upfront and is not writable then setting the value fails which in turn aborts the guest startup. Well, it's possible that the orchestration tool that runs the container has set up the correct value upfront so libvirt doesn't need to bother in that case. Consequence: Guests with LUNs or passedthrough SCSI controllers might have been denied to start. Fix: When the conditions are met for libvirt to set the unprivileged SGIO it firstly check whether the desired value is not set already and tries to change it only if it isn't. Result: Guest can now run happily in containers.
 Story Points: ---
Clone Of: 2010306 Environment:
Last Closed: 2021-11-03 08:47:19 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2010306    
Bug Blocks:    

Comment 4 Han Han 2021-10-21 09:30:49 UTC 
Verified as https://bugzilla.redhat.com/show_bug.cgi?id=2010306#c22 on libvirt-7.0.0-14.5.module+el8.4.0+13026+f38c77ab.x86_64 qemu-kvm-5.2.0-16.module+el8.4.0+12596+209e4022.10.x86_64
Comment 6 errata-xmlrpc 2021-11-03 08:47:19 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: virt:av and virt-devel:av security and bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:4112