Bug 499569 - Guest with source-less cdrom fails to start :: Failed to set security label
Guest with source-less cdrom fails to start :: Failed to set security label
Product: Fedora
Classification: Fedora
Component: libvirt (Show other bugs)
All Linux
high Severity high
: ---
: ---
Assigned To: Daniel Berrange
Fedora Extras Quality Assurance
: Reopened
: 499838 499844 (view as bug list)
Depends On:
Blocks: F12VirtBlocker
  Show dependency treegraph
Reported: 2009-05-07 04:57 EDT by Alan Pevec
Modified: 2013-01-10 00:12 EST (History)
11 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2009-07-03 05:58:47 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Skip labelling if no src path present (523 bytes, text/plain)
2009-05-10 22:20 EDT, Cole Robinson
no flags Details

  None (edit)
Description Alan Pevec 2009-05-07 04:57:38 EDT
Description of problem:
libvir: Security Labeling error : SELinuxSetFilecon: unable to set security context 'system_u:object_r:virt_content_t:s0' on (null): Bad address.
libvir: QEMU error : internal error Failed to set security label

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. create VM with virt-manager
2. reboot after installation
Actual results:
VM fails to start

Expected results:
VM starts normally

Additional info:
works after removing CDROM definition, seems that missing <source> is what makes it fail:
    <disk type='block' device='cdrom'>
      <target dev='hdc' bus='ide'/>
This is a valid CDROM definition, it represents CDROM w/o media.
Comment 1 Mark McLoughlin 2009-05-07 05:29:58 EDT
Sounds like libvirt-0.6.3-shared-readonly-label.patch needs to check disk->src is non-null ?

Relates to the fix for bug #493692
Comment 2 Daniel Berrange 2009-05-07 08:03:58 EDT
To temporarily work around this bug 

 - Open /etc/libvirt/qemu.conf in an editor
 - Set   security_driver="none"
 - service libvirtd restart

This disables the SELinux sVirt protection & re-labelling code, while still leaving the host as a whole protected (you basically just loose guest <-> guest protection)
Comment 3 Cole Robinson 2009-05-09 18:22:07 EDT
*** Bug 499838 has been marked as a duplicate of this bug. ***
Comment 4 Cole Robinson 2009-05-09 18:22:26 EDT
*** Bug 499844 has been marked as a duplicate of this bug. ***
Comment 5 Cole Robinson 2009-05-10 22:20:01 EDT
Created attachment 343309 [details]
Skip labelling if no src path present

Patch fixes things for me. I'll be committing to F11 and devel branches shortly.

I'll defer requesting an F11 tag for the package though since there are likely other high priority fixes we will want to get into a build for the final release, so we can just lump them together.
Comment 6 Mark McLoughlin 2009-05-11 06:15:57 EDT
* Sun May 10 2009 Cole Robinson <crobinso@redhat.com> - 0.6.2-8.fc11
- Don't try to label a disk with no path (e.g. empty cdrom) (bug #499569)

Comment 7 Mark McLoughlin 2009-05-12 10:45:39 EDT
Tagged for F11:


If someone could re-test and close, that would be most useful
Comment 8 Tim Waugh 2009-05-12 11:38:34 EDT
Works fine here with libvirt-0.6.2-8.fc11.x86_64.
Comment 9 Mark McLoughlin 2009-05-12 12:00:39 EDT
Thanks Tim
Comment 10 Mark McLoughlin 2009-07-03 05:46:50 EDT
Patch never got upstream, was dropped by the 0.6.4 rebase in F-12, re-opening

Patch posted upstream here:


Hopefully will be in 0.6.5
Comment 11 Mark McLoughlin 2009-07-03 05:58:47 EDT
* Fri Jul  3 2009 Mark McLoughlin <markmc@redhat.com> - 0.6.4-3.fc12
- Don't try to label a disk with no path (e.g. empty cdrom) (bug #499569)

Note You need to log in before you can comment on or make changes to this bug.