Bug 239572 - blktapctrl dies if creation of /var/run/tap/tapctrlread1 fails
blktapctrl dies if creation of /var/run/tap/tapctrlread1 fails
Status: CLOSED WONTFIX
Product: Fedora
Classification: Fedora
Component: xen (Show other bugs)
9
x86_64 Linux
medium Severity medium
: ---
: ---
Assigned To: Richard W.M. Jones
bzcl34nup
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-05-09 11:37 EDT by Richard W.M. Jones
Modified: 2008-09-09 09:06 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-09-09 09:06:34 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Richard W.M. Jones 2007-05-09 11:37:19 EDT
Description of problem:

If creation of /var/run/tap/tapctrlread1 fails, then the blktapctrl process
itself dies.  The consequence of this is that any further attempts to create
domains cause the domains to not be able to see any of their tap disks.

I discovered this as a side-effect of bug 239449.

Version-Release number of selected component (if applicable):

xen-3.1.0-0.rc7.1.fc7

How reproducible:

Always on my test machine.

Steps to Reproduce:

1. Boot machine either with setenforce Enforcing (or change SELinux to Enforcing
after boot).  Notice that blktapctrl process is running as you would expect.

2. Use virt-manager to create a new domain.  Use a disk image for storage.  This
will fail (https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=239449#c2) - and
you should see that blktapctrl process has now disappeared.

3. Change SELinux to Permissive and use virt-manager to create another domain. 
Again, use a disk image for storage.
  
Actual results:

The second install in step 3 will fail because the domain will be unable to see
its disk.

Expected results:

Domain should be able to see its disk, or virt-manager should produce an error
because blktapctrl is unavailable.

Additional info:

Rebooting or running service xend restart fixes the problem by restarting
blktapctrl.

AVC failure (NB: only the first one because Enforcing):

audit(1178723555.374:16): avc:  denied  { create } for  pid=2981
comm="blktapctrl" name="tapctrlread1" scontext=system_u:system_r:xend_t:s0
tcontext=system_u:object_r:var_run_t:s0 tclass=fifo_file

audit2allow on the above:

#============= xend_t ==============
allow xend_t var_run_t:fifo_file create;
Comment 1 Richard W.M. Jones 2007-11-19 10:37:50 EST
Change status to NEEDINFO of me - I need to check if this
still happens with current SELinux policy.
Comment 2 Bug Zapper 2008-04-03 20:37:13 EDT
Based on the date this bug was created, it appears to have been reported
against rawhide during the development of a Fedora release that is no
longer maintained. In order to refocus our efforts as a project we are
flagging all of the open bugs for releases which are no longer
maintained. If this bug remains in NEEDINFO thirty (30) days from now,
we will automatically close it.

If you can reproduce this bug in a maintained Fedora version (7, 8, or
rawhide), please change this bug to the respective version and change
the status to ASSIGNED. (If you're unable to change the bug's version
or status, add a comment to the bug and someone will change it for you.)

Thanks for your help, and we apologize again that we haven't handled
these issues to this point.

The process we're following is outlined here:
http://fedoraproject.org/wiki/BugZappers/F9CleanUp

We will be following the process here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping to ensure this
doesn't happen again.
Comment 3 Richard W.M. Jones 2008-04-04 06:11:36 EDT
I checked the SELinux policy but it doesn't look like it
contains the correct rule to fix this.  However need to
retest when I get my machine back to Xen.

Assigning this back to me.
Comment 4 Bug Zapper 2008-05-13 22:53:00 EDT
Changing version to '9' as part of upcoming Fedora 9 GA.
More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 5 Richard W.M. Jones 2008-09-09 09:06:34 EDT
Very old bug with very little interest, so closing WONTFIX.

Note You need to log in before you can comment on or make changes to this bug.