Bug 499569 - Guest with source-less cdrom fails to start :: Failed to set security label
Summary: Guest with source-less cdrom fails to start :: Failed to set security label
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: libvirt
Version: rawhide
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Daniel Berrangé
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Duplicates: 499838 499844
Depends On:
Blocks: F12VirtBlocker
Reported: 2009-05-07 08:57 UTC by Alan Pevec
Modified: 2013-01-10 05:12 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2009-07-03 09:58:47 UTC
Type: ---
Embargoed:


Attachments
Skip labelling if no src path present (523 bytes, text/plain)
2009-05-11 02:20 UTC, Cole Robinson

Description Alan Pevec 2009-05-07 08:57:38 UTC
Description of problem:
libvir: Security Labeling error : SELinuxSetFilecon: unable to set security context 'system_u:object_r:virt_content_t:s0' on (null): Bad address.
libvir: QEMU error : internal error Failed to set security label

Version-Release number of selected component (if applicable):
libvirt-0.6.2-4.fc11.x86_64
virt-manager-0.7.0-4.fc11.x86_64
python-virtinst-0.400.3-7.fc11.noarch

How reproducible:
always

Steps to Reproduce:
1. create VM with virt-manager
2. reboot after installation
3.
  
Actual results:
VM fails to start

Expected results:
VM starts normally

Additional info:
works after removing CDROM definition, seems that missing <source> is what makes it fail:
    <disk type='block' device='cdrom'>
      <target dev='hdc' bus='ide'/>
      <readonly/>
    </disk>
This is a valid CDROM definition, it represents CDROM w/o media.

Comment 1 Mark McLoughlin 2009-05-07 09:29:58 UTC
Sounds like libvirt-0.6.3-shared-readonly-label.patch needs to check disk->src is non-null ?

Relates to the fix for bug #493692

Comment 2 Daniel Berrangé 2009-05-07 12:03:58 UTC
To temporarily work around this bug 

 - Open /etc/libvirt/qemu.conf in an editor
 - Set   security_driver="none"
 - service libvirtd restart

This disables the SELinux sVirt protection & re-labelling code, while still leaving the host as a whole protected (you basically just lose guest <-> guest protection)
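
An added example (not part of the bug report and not libvirt code): a small Python audit for a host that hit this bug. It lists guest disks that have no source path, which is the trigger in the description, and reports whether the security_driver="none" workaround is still set in qemu.conf. The sample XML and config text are constructed and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the source-less cdrom from the report plus a normal disk.
SAMPLE_DOMAIN_XML = """
<domain type='kvm'>
  <devices>
    <disk type='file' device='disk'>
      <source file='/var/lib/libvirt/images/example.img'/>
      <target dev='vda' bus='virtio'/>
    </disk>
    <disk type='block' device='cdrom'>
      <target dev='hdc' bus='ide'/>
      <readonly/>
    </disk>
  </devices>
</domain>
"""

# Constructed sample of /etc/libvirt/qemu.conf with the workaround applied.
SAMPLE_QEMU_CONF = '# security_driver = "selinux"\nsecurity_driver="none"\n'

def sourceless_disks(domain_xml):
    """Target dev names of disks with no file/dev source path (e.g. empty cdrom)."""
    found = []
    for disk in ET.fromstring(domain_xml).iter("disk"):
        src = disk.find("source")
        path = (src.get("file") or src.get("dev")) if src is not None else None
        if not path:
            target = disk.find("target")
            found.append(target.get("dev") if target is not None else "?")
    return found

def security_driver(conf_text):
    """Last uncommented security_driver value in qemu.conf text, or None if unset."""
    value = None
    for line in conf_text.splitlines():
        m = re.match(r'\s*security_driver\s*=\s*"([^"]*)"', line)
        if m:
            value = m.group(1)
    return value

def audit(domain_xml, conf_text):
    """Findings for one guest definition and the host's qemu.conf."""
    findings = [f"disk {dev}: no source path, labelling must be skipped"
                for dev in sourceless_disks(domain_xml)]
    if security_driver(conf_text) == "none":
        findings.append('qemu.conf: security_driver="none", sVirt labelling is disabled')
    return findings
```

Calling audit() on each guest's XML together with the host's qemu.conf text shows which guests depend on the fix and whether the workaround should be reverted once a fixed libvirt build is installed.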

Comment 3 Cole Robinson 2009-05-09 22:22:07 UTC
*** Bug 499838 has been marked as a duplicate of this bug. ***

Comment 4 Cole Robinson 2009-05-09 22:22:26 UTC
*** Bug 499844 has been marked as a duplicate of this bug. ***

Comment 5 Cole Robinson 2009-05-11 02:20:01 UTC
Created attachment 343309
Skip labelling if no src path present

Patch fixes things for me. I'll be committing to F11 and devel branches shortly.

I'll defer requesting an F11 tag for the package though since there are likely other high priority fixes we will want to get into a build for the final release, so we can just lump them together.

Comment 6 Mark McLoughlin 2009-05-11 10:15:57 UTC
* Sun May 10 2009 Cole Robinson <crobinso> - 0.6.2-8.fc11
- Don't try to label a disk with no path (e.g. empty cdrom) (bug #499569)

http://koji.fedoraproject.org/koji/buildinfo?buildID=101640

Comment 7 Mark McLoughlin 2009-05-12 14:45:39 UTC
Tagged for F11:

  https://fedorahosted.org/rel-eng/ticket/1777

If someone could re-test and close, that would be most useful

Comment 8 Tim Waugh 2009-05-12 15:38:34 UTC
Works fine here with libvirt-0.6.2-8.fc11.x86_64.

Comment 9 Mark McLoughlin 2009-05-12 16:00:39 UTC
Thanks Tim

Comment 10 Mark McLoughlin 2009-07-03 09:46:50 UTC
Patch never got upstream, was dropped by the 0.6.4 rebase in F-12, re-opening

Patch posted upstream here:

  http://www.redhat.com/archives/libvir-list/2009-July/msg00050.html

Hopefully will be in 0.6.5

Comment 11 Mark McLoughlin 2009-07-03 09:58:47 UTC
* Fri Jul  3 2009 Mark McLoughlin <markmc> - 0.6.4-3.fc12
- Don't try to label a disk with no path (e.g. empty cdrom) (bug #499569)

