Bug 496945 - libvirt should own /var/cache/libvirt in spec file
libvirt should own /var/cache/libvirt in spec file
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: libvirt (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Veillard
Fedora Extras Quality Assurance
: Reopened
Depends On:
Blocks: F11VirtTarget
  Show dependency treegraph
 
Reported: 2009-04-21 14:36 EDT by Daniel Walsh
Modified: 2009-04-30 03:06 EDT (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-04-30 03:06:52 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Daniel Walsh 2009-04-21 14:36:53 EDT
Description of problem:



SELinux is not labeling it properly and init script is trying to create the directory on start.  Ends up with the wrong label.
Comment 1 Mark McLoughlin 2009-04-22 02:46:15 EDT
Dan, what ends up breaking as a result?

(i.e. should it be on the blocker list?)
Comment 2 Daniel Berrange 2009-04-22 04:46:55 EDT
THe /var/cache/libvirt directory gets wrong SELinux labelling, so virDomainMemoryPeek() api will fail if running SELinux enforcing mode.
Comment 3 Daniel Walsh 2009-04-22 07:47:04 EDT
Well only if you remove the unconfined.pp package,   Since by default libvirt is currently running as an unconfined domain.  If qemu processes do not use this directory, nothing bad should happen.  But these files will remain mislabeled until we trigger a relabel, and could cause other problems.
Comment 4 Daniel Berrange 2009-04-22 07:55:17 EDT
Actually QEMU processes do use this directory.

What happens with virDomainPeek is:

 - Application invokes virDomainPeek
 - Libvirt's QEMU driver, talks to the QEMU monitor console to say 'dump memory region XXX to /var/cache/libivirt/mem.YYYY'
 - QEMU now writes that requested memory region to the given file
 - libvirtd them reads the data from that file & deletes it


So, QEMU needs to be able to create new files in that directory, and thus we need to make sure labelling is correct.
Comment 5 Daniel Walsh 2009-04-22 08:15:00 EDT
Ok then this needs to be fixed.
Comment 6 Daniel Veillard 2009-04-28 05:39:10 EDT
I just build libvirt-0.6.3-2.fc12 in rawhide with the fix,

Daniel
Comment 7 Mark McLoughlin 2009-04-28 06:15:14 EDT
DV: you've built the fix into dist-f12, but rawhide is built from dist-f11 at the moment. We need it fixed for F-11, too

So, you'll need to:

  1) Fix in rpms/libvirt/F-11 and build; the build will go to 
     dist-f11-updates-candidate

  2) Request rel-eng to tag it into dist-f11 according to
     https://fedoraproject.org/wiki/ReleaseEngineering/FinalFreezePolicy
Comment 8 Daniel Veillard 2009-04-28 07:36:50 EDT
1) done libvirt-0.6.2-3.fc11 built in dist-f11-updates-candidate

I let you do 2) 

Daniel
Comment 9 Mark McLoughlin 2009-04-28 10:15:47 EDT
Tag request https://fedorahosted.org/rel-eng/ticket/1673
Comment 10 Mark McLoughlin 2009-04-30 03:06:52 EDT
This is in rawhide now

Note You need to log in before you can comment on or make changes to this bug.