This service will be undergoing maintenance at 00:00 UTC, 2016-08-01. It is expected to last about 1 hours
Bug 234166 - QEMU file descriptor leak causes SELinux errors when starting HVM domain
QEMU file descriptor leak causes SELinux errors when starting HVM domain
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: xen (Show other bugs)
5.0
All Linux
medium Severity medium
: ---
: ---
Assigned To: Xen Maintainance List
:
Depends On: 222687
Blocks:
  Show dependency treegraph
 
Reported: 2007-03-27 11:30 EDT by Daniel Berrange
Modified: 2007-11-30 17:07 EST (History)
0 users

See Also:
Fixed In Version: RHEA-2007-0635
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-11-07 12:10:13 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)
Close file handles before running network scripts (1.38 KB, patch)
2007-03-27 11:32 EDT, Daniel Berrange
no flags Details | Diff

  None (edit)
Description Daniel Berrange 2007-03-27 11:30:28 EDT
+++ This bug was initially created as a clone of Bug #222687 +++

Description of problem:
Whenever I start a Xen domain created using virt-install, there are SELinux denials.

Version-Release number of selected component (if applicable):
net-tools-1.60-73

How reproducible:
Every time

Steps to Reproduce:
1. Start a Xen domain
2.
3.
  
Actual results:
SELinux denials reported (I'm in permissive mode at the moment, until these
problems are resolved)

Expected results:
Domain starts normally

Additional info:

-- Additional comment from bloch@verdurin.com on 2007-01-15 13:45 EST --
Created an attachment (id=145604)
Error report via setroubleshoot


-- Additional comment from dwalsh@redhat.com on 2007-01-15 15:14 EST --
Did this actually block something from working?  If you try this in enforcing
mode do you see errors?  This looks like xen is leaking an open descriptor to
the xen_image_t file.  There is no reason ifconfig should ever need to
read/write this disk image.  I believe this should work in enforcing mode.

-- Additional comment from bloch@verdurin.com on 2007-01-16 14:04 EST --
Yes, there are errors when running in enforcing mode, though things do appear to
be working.

-- Additional comment from berrange@redhat.com on 2007-03-27 11:25 EST --
QEMU was leaking file handles to the networking scripts which caused SELinux
errors. This was fixed in Xen 3.0.3-7.fc6

* Tue Mar  6 2007 Daniel P. Berrange <berrange@redhat.com> - 3.0.3-7.fc6
- Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)
- Fix ia64 shadow page table mode
- Close QEMU file handles when running network script

Please upgrade & confirm that the errors went away.
Comment 1 Daniel Berrange 2007-03-27 11:32:18 EDT
Created attachment 151040 [details]
Close file handles before running network scripts

This is the patch applied upstream & to Fedora to fix QEMU filehandle leak
Comment 2 RHEL Product and Program Management 2007-03-27 11:43:57 EDT
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.
Comment 4 Daniel Berrange 2007-06-14 10:49:45 EDT
Built into dist-5E-qu-candidate as xen-3.0.3-27.el5


* Thu Jun 14 2007 Daniel P. Berrange <berrange@redhat.com> - 3.0.3-27.el5
- Update low level (non-XenD) userspace to work with 3.1.0 hypervisor
(rhbz#243462, rhbz#234166, rhbz#230790)
Comment 7 errata-xmlrpc 2007-11-07 12:10:13 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHEA-2007-0635.html

Note You need to log in before you can comment on or make changes to this bug.