688853 – PCI devices resource's sVirt label is different as set in virt-manager Security page.

Bug 688853 - PCI devices resource's sVirt label is different as set in virt-manager Security page.

Summary: PCI devices resource's sVirt label is different as set in virt-manager Securi...

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Virtualization Tools
Classification:	Community
Component:	libvirt
Sub Component:
Version:	unspecified
Hardware:	x86_64
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Libvirt Maintainers
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2011-03-18 09:06 UTC by wangyimiao
Modified:	2016-04-26 19:04 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-03-23 12:17:10 UTC
Dependent Products:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description wangyimiao 2011-03-18 09:06:04 UTC

Description of problem:
PCI devices resource's sVirt label is different as set in virt-manager Security page.

Version-Release number of selected component (if applicable):
libvirt-0.8.7-13.el6.x86_64
qemu-img-0.12.1.2-2.150.el6.x86_64
qemu-kvm-0.12.1.2-2.150.el6.x86_64
virt-manager-0.8.6-3.el6.noarch
kernel-2.6.32-122.el6.x86_64
selinux-policy-targeted-3.7.19-78.el6.noarch

How reproducible:
5/5

Steps to Reproduce:
1.Prepare an VM which is not running .
#setenforce 1

2.Issue "virt-manager" to open virt-manager UI.

3.Select the existing VM, then "open" -> "details" -> "Overview" -> "Security"

4.Select "static" option, then specify a label,and apply it.

such as: "system_u:system_r:svirt_t:s0:c100,c200"

5.Change context of guest image file, such as:

# chcon system_u:object_r:svirt_image_t:s0:c100,c200 /var/lib/libvirt/images/nfs_test.img

6.Check the NIC node device.

#  virsh nodedev-list --tree|more
computer
 |
  +- net_lo_00_00_00_00_00_00
  +- net_virbr0_nic_52_54_00_f6_8a_ba
  +- net_vnet0_fe_54_00_ae_6e_74
  +- pci_0000_00_00_0
  +- pci_0000_00_01_0
  |   |
  |   +- pci_0000_01_00_0
  |     
  +- pci_0000_00_03_0
  +- pci_0000_00_03_2
  +- pci_0000_00_03_3
  +- pci_0000_00_19_0
  |   |
  |   +- net_eth0_00_21_9b_7d_f9_71
  |     
.....................................

7.Add the following lines to domain xml.

<hostdev mode='subsystem' type='pci' managed='yes'>
 <source>
  <address bus='0' slot='0x19' function='0'/>
 </source>
</hostdev>

8. Start the vm

9. Check svirt label of the qemu-kvm process.
# ps -efZ|grep qemu-kvm
system_u:system_r:svirt_t:s0:c100,c200 qemu 4227   1 35 11:46 ?      
................................

10.Check the context of pci device is the same as the context of qemu-kvm process
# ll -Z /sys/bus/pci/devices/0000:00:19.0/resource
-r--r--r--. qemu qemu system_u:object_r:sysfs_t:s0     /sys/bus/pci/devices/0000:00:19.0/resource

  
Actual results:
PCI devices resource's sVirt label is different as set in virt-manager Security page.

Expected results:
PCI devices resource's sVirt label should be same as set in virt-manager Security page.

Comment 1 RHEL Program Management 2011-04-04 02:06:31 UTC

Since RHEL 6.1 External Beta has begun, and this bug remains
unresolved, it has been rejected as it is not proposed as
exception or blocker.

Red Hat invites you to ask your support representative to
propose this request, if appropriate and relevant, in the
next release of Red Hat Enterprise Linux.

Comment 4 Cole Robinson 2016-03-23 12:17:10 UTC

virt-manager doesn't have a security page anymore, and I suspect this is long since fixed, so closing

Note You need to log in before you can comment on or make changes to this bug.