Bug 510507 - file context restored by stopped guest while others guests using a shared file
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: libvirt
Version: rawhide
Hardware: All
OS: Linux
Priority: low
Severity: medium
Target Milestone: ---
Assignee: Daniel Veillard
QA Contact: Fedora Extras Quality Assurance
Reported: 2009-07-09 14:55 UTC by Gene Czarcinski
Modified: 2009-08-04 15:12 UTC (History)
Doc Type: Bug Fix
Last Closed: 2009-08-04 15:12:54 UTC

Description Gene Czarcinski 2009-07-09 14:55:32 UTC
Description of problem:
When two or more guests are sharing a common disk/CD/DVD, the file's context is set to "virt_content_t" when the first guest starts to run.  However, the first of those guests to stop running will restorecon the file's context even though the other guests may still be attempting to access that file.

Version-Release number of selected component (if applicable):
Fedora 11 plus preview:
libvirt.x86_64                      0.6.5-1.fc11                  @rawvirt      
libvirt-python.x86_64               0.6.5-1.fc11                  @rawvirt      
qemu.x86_64                         2:0.10.50-8.kvm87.fc11        @rawvirt      
qemu-common.x86_64                  2:0.10.50-8.kvm87.fc11        @rawvirt      
qemu-img.x86_64                     2:0.10.50-8.kvm87.fc11        @rawvirt      
qemu-kvm.x86_64                     2:0.10.50-8.kvm87.fc11        @rawvirt      
qemu-system-arm.x86_64              2:0.10.50-8.kvm87.fc11        @rawvirt      
qemu-system-cris.x86_64             2:0.10.50-8.kvm87.fc11        @rawvirt      
qemu-system-m68k.x86_64             2:0.10.50-8.kvm87.fc11        @rawvirt      
qemu-system-mips.x86_64             2:0.10.50-8.kvm87.fc11        @rawvirt      
qemu-system-ppc.x86_64              2:0.10.50-8.kvm87.fc11        @rawvirt      
qemu-system-sh4.x86_64              2:0.10.50-8.kvm87.fc11        @rawvirt      
qemu-system-sparc.x86_64            2:0.10.50-8.kvm87.fc11        @rawvirt      
qemu-system-x86.x86_64              2:0.10.50-8.kvm87.fc11        @rawvirt      
qemu-user.x86_64                    2:0.10.50-8.kvm87.fc11        @rawvirt      
virt-manager.x86_64                 0.7.0-5.fc11                  @updates      
virt-top.x86_64                     1.0.3-4.fc11                  @fedora       
virt-viewer.x86_64                  0.0.3-4.fc11                  @fedora

How reproducible:
every time

Steps to Reproduce:
1. Run two guests which share a common ISO image
2. Do ls -Z on the shared file
3. Stop one of the guests
4. Do ls -Z on the shared file
  
Actual results:
File context is restored when the first guest is stopped.

Expected results:
File context should not be restored until the last guest using the file is stopped.

Additional info:

Comment 1 Daniel Berrangé 2009-08-04 15:12:54 UTC
Current libvirt has the F11 patch applied to skip relabelling of shared/readonly disks upon shutdown.

commit ed5a25841ff0838b1b7afa881b5d369ace1aad9c
Author: Daniel P. Berrange <berrange>
Date:   Wed Jul 15 12:45:13 2009 +0100

    Don't restore labels on shared/readonly disks
    
    * src/security_selinux.c: Skip relabelling of shared/readonly
      disks upon shutdown, since this breaks other VMs still active
      using those disks
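
Added example, not part of the bug report and not libvirt code: a simplified C model of the behaviour reported above next to the policy the commit message describes (skip the restore for shared/readonly disks). The struct, function names, file path and the `default_t` restored type are assumptions made for illustration; only `virt_content_t` comes from the report.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model, not libvirt code. All names here are hypothetical. */
enum policy { RESTORE_ALWAYS, SKIP_SHARED_READONLY };

struct disk {
    const char *path;
    int shared;      /* disk marked shareable between guests */
    int readonly;    /* disk attached read-only (e.g. an ISO image) */
    char label[32];  /* current SELinux type on the file */
    int users;       /* running guests that have the disk attached */
};

#define GUEST_LABEL   "virt_content_t"  /* type named in the bug report */
#define DEFAULT_LABEL "default_t"       /* constructed placeholder for the restored type */

/* Guest start: relabel the disk so the guest can access it. */
static void guest_start(struct disk *d)
{
    snprintf(d->label, sizeof d->label, "%s", GUEST_LABEL);
    d->users++;
}

/* Guest stop: restore the label unless the policy says to leave it. */
static void guest_stop(struct disk *d, enum policy p)
{
    d->users--;
    if (p == SKIP_SHARED_READONLY && (d->shared || d->readonly))
        return;  /* other guests may still be using this disk */
    snprintf(d->label, sizeof d->label, "%s", DEFAULT_LABEL);
}

/* Returns 1 if a guest is still running against a file whose label was reset. */
static int label_broken_for_running_guest(enum policy p)
{
    struct disk iso = { "/constructed/shared.iso", 0, 1, DEFAULT_LABEL, 0 };
    guest_start(&iso);    /* guest A starts */
    guest_start(&iso);    /* guest B starts, same ISO */
    guest_stop(&iso, p);  /* guest A stops, B keeps running */
    return iso.users > 0 && strcmp(iso.label, GUEST_LABEL) != 0;
}

int main(void)
{
    printf("restore always:       broken=%d\n", label_broken_for_running_guest(RESTORE_ALWAYS));
    printf("skip shared/readonly: broken=%d\n", label_broken_for_running_guest(SKIP_SHARED_READONLY));
    return 0;
}
```

Under the skip policy the file keeps `virt_content_t` after the last guest stops as well, which differs from the "Expected results" in the description (restore when the last guest stops).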

