Bug 614338 - setting Security Model=None take no effect without any prompt/warning
Summary: setting Security Model=None take no effect without any prompt/warning
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: virt-manager
Version: 6.0
Hardware: All
OS: Linux
Priority: low
Severity: medium
Target Milestone: rc
Target Release: ---
Assignee: Cole Robinson
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2010-07-14 07:35 UTC by dyuan
Modified: 2011-05-19 13:46 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-05-19 13:46:18 UTC
Target Upstream Version:
Embargoed:




Links
System: Red Hat Product Errata
ID: RHBA-2011:0637
Private: 0
Priority: normal
Status: SHIPPED_LIVE
Summary: virt-manager bug fix and enhancement update
Last Updated: 2011-05-18 17:55:47 UTC

Description dyuan 2010-07-14 07:35:41 UTC
Description of problem:

Guest is shut off; select the 'None' option in the Model drop-down list and apply it.
Then start the guest; the Model will go back to selinux both in virt-manager and in the XML.

Maybe it will take effect when SELINUX=enforcing in /etc/selinux/config, but there should be a prompt when the change takes no effect.


Version-Release number of selected component (if applicable):
virt-manager-0.8.4-6.el6

How reproducible:
always

Steps to Reproduce:
1. Prepare a VM which is not running.
2. Launch virt-manager.
3. Select the existing VM, then "open" -> "details" -> "Overview" -> "Security"
4. Select the "None" option in the Model drop-down list, then apply it.
5. Start the VM.
  
Actual results:
The Model will go back to selinux both in virt-manager and in the XML.

Expected results:


Additional info:

[Wed, 14 Jul 2010 15:15:24 virt-manager 3916] DEBUG (domain:1680) Changing seclabel with model=selinux t=dynamic label=
[Wed, 14 Jul 2010 15:15:24 virt-manager 3916] DEBUG (libvirtobject:150) Redefining 'rhel6' with XML diff:
--- Original XML 
+++ New XML 
@@ -47,4 +47,4 @@
       <address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x0"/>
     </video>
   </devices>
-</domain>
+<seclabel model="selinux" type="dynamic"><label></label></seclabel></domain>

[Wed, 14 Jul 2010 15:15:24 virt-manager 3916] DEBUG (libvirtobject:142) Redefinition request XML was no different, redefining anyways


[Wed, 14 Jul 2010 15:15:44 virt-manager 3916] DEBUG (domain:1680) Changing seclabel with model=None t=dynamic label=
[Wed, 14 Jul 2010 15:15:44 virt-manager 3916] DEBUG (libvirtobject:142) Redefinition request XML was no different, redefining anyways
[Wed, 14 Jul 2010 15:15:44 virt-manager 3916] DEBUG (libvirtobject:142) Redefinition request XML was no different, redefining anyways

Comment 2 RHEL Program Management 2010-07-15 14:54:22 UTC
This issue has been proposed when we are only considering blocker
issues in the current Red Hat Enterprise Linux release. It has
been denied for the current Red Hat Enterprise Linux release.

** If you would still like this issue considered for the current
release, ask your support representative to file as a blocker on
your behalf. Otherwise ask that it be considered for the next
Red Hat Enterprise Linux release. **

Comment 3 Cole Robinson 2010-09-29 18:28:17 UTC
Pretty sure this is a libvirt limitation, there isn't any way in the XML to specify 'don't use any security model for this guest'. Reassigning to libvirt

Comment 5 Cole Robinson 2011-01-12 18:10:38 UTC
Patches have been sent upstream:

https://www.redhat.com/archives/libvir-list/2011-January/msg00468.html

However, they are dependent on changes that have gone in past 0.8.7 which probably shouldn't be backported to 6.1. So since this isn't a customer request, I think it might be best to push this off to 6.2.

Comment 6 Daniel Berrangé 2011-01-12 18:29:53 UTC
NB, we explicitly didn't allow any way to selectively disable security on individual domains in sVirt. One single unconfined guest running on a host can compromise the security protection of all other guests. No guest should be allowed to run unconfined if SELinux is set to enforcing. While if it is permissive, then there's no benefit to selectively allowing unconfined guests, because all are effectively unconfined.

Comment 8 Cole Robinson 2011-01-13 15:54:16 UTC
Okay, since the general premise has been rejected upstream, reassigning back to virt-manager. The UI should make it clear that security can not be disabled.

Comment 9 Daniel Berrangé 2011-01-13 16:02:26 UTC
Arguably libvirt should still raise an explicit error if model=none was requested in XML, instead of silently using model=selinux anyway.

Comment 10 Eric Blake 2011-01-13 16:04:50 UTC
Cole's patches to convert from a free-form string to a checked enum would help in that regard.

Comment 11 Cole Robinson 2011-01-13 17:14:07 UTC
I'm pretty sure libvirt does raise an error if model='none', in the SecurityVerify step. The way virt-manager was trying to disable security was by just removing the entire <seclabel>, which has never worked.
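
An added example, not part of the thread and not virt-manager's or libvirt's code: a post-change check of the kind the reporter asks for, comparing the requested security model with the <seclabel> read back from the guest definition. The function names and the sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample definitions (not copied from a real host).
SUBMITTED = '<domain type="kvm"><name>rhel6</name><devices/></domain>'
EFFECTIVE = ('<domain type="kvm"><name>rhel6</name><devices/>'
             '<seclabel model="selinux" type="dynamic"><label></label></seclabel>'
             '</domain>')


def seclabel_model(domain_xml):
    """Return the model attribute of <seclabel>, or None when the element is absent."""
    node = ET.fromstring(domain_xml).find("seclabel")
    return None if node is None else node.get("model")


def check_seclabel_request(requested, submitted_xml, effective_xml):
    """Compare the model the user picked with what the guest ends up with.

    requested     -- value chosen in the UI ("selinux", "None", ...)
    submitted_xml -- definition sent for redefinition
    effective_xml -- definition read back afterwards (e.g. after guest start)
    Returns (ok, message); message is what a UI could show as a warning.
    """
    wanted = None if str(requested).lower() in ("", "none") else requested
    sent = seclabel_model(submitted_xml)
    got = seclabel_model(effective_xml)
    if wanted == got:
        return True, "security model is %s as requested" % got
    if wanted is None and sent is None:
        # The case in this report: <seclabel> was dropped, guest is labelled anyway.
        return False, ("removing <seclabel> did not disable confinement; "
                       "guest still uses model=%s" % got)
    return False, "requested model=%s but guest uses model=%s" % (wanted, got)


if __name__ == "__main__":
    print(check_seclabel_request("None", SUBMITTED, EFFECTIVE))
    print(check_seclabel_request("selinux", EFFECTIVE, EFFECTIVE))
```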

Comment 12 Cole Robinson 2011-01-13 17:25:42 UTC
Fixed upstream:

http://hg.fedorahosted.org/hg/virt-manager/rev/550da554b0ac

Comment 13 Cole Robinson 2011-02-24 16:50:18 UTC
This is already fixed in virt-manager-0.8.6-1

Comment 15 zhanghaiyan 2011-03-02 08:52:49 UTC
Verified this bug PASS with virt-manager-0.8.6-2.el6.noarch

Open virt-manager, double-click on a guest, select View->Details; could see that the 'none' selection for security model is removed and only 'selinux' remains for it.

Comment 16 mliu 2011-04-18 05:32:44 UTC
Verified this bug PASS with virt-manager-0.8.6-3.el6.noarch

Comment 17 errata-xmlrpc 2011-05-19 13:46:18 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0637.html

