Bug 688853 - PCI devices resource's sVirt label is different as set in virt-manager Security page.
Summary: PCI devices resource's sVirt label is different as set in virt-manager Securi...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Virtualization Tools
Classification: Community
Component: libvirt
Version: unspecified
Hardware: x86_64
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Libvirt Maintainers
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-03-18 09:06 UTC by wangyimiao
Modified: 2016-04-26 19:04 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-03-23 12:17:10 UTC


Attachments (Terms of Use)

Description wangyimiao 2011-03-18 09:06:04 UTC
Description of problem:
PCI devices resource's sVirt label is different as set in virt-manager Security page.

Version-Release number of selected component (if applicable):
libvirt-0.8.7-13.el6.x86_64
qemu-img-0.12.1.2-2.150.el6.x86_64
qemu-kvm-0.12.1.2-2.150.el6.x86_64
virt-manager-0.8.6-3.el6.noarch
kernel-2.6.32-122.el6.x86_64
selinux-policy-targeted-3.7.19-78.el6.noarch

How reproducible:
5/5

Steps to Reproduce:
1.Prepare an VM which is not running .
#setenforce 1

2.Issue "virt-manager" to open virt-manager UI.

3.Select the existing VM, then "open" -> "details" -> "Overview" -> "Security"

4.Select "static" option, then specify a label,and apply it.

such as: "system_u:system_r:svirt_t:s0:c100,c200"

5.Change context of guest image file, such as:

# chcon system_u:object_r:svirt_image_t:s0:c100,c200 /var/lib/libvirt/images/nfs_test.img

6.Check the NIC node device.

#  virsh nodedev-list --tree|more
computer
 |
  +- net_lo_00_00_00_00_00_00
  +- net_virbr0_nic_52_54_00_f6_8a_ba
  +- net_vnet0_fe_54_00_ae_6e_74
  +- pci_0000_00_00_0
  +- pci_0000_00_01_0
  |   |
  |   +- pci_0000_01_00_0
  |     
  +- pci_0000_00_03_0
  +- pci_0000_00_03_2
  +- pci_0000_00_03_3
  +- pci_0000_00_19_0
  |   |
  |   +- net_eth0_00_21_9b_7d_f9_71
  |     
.....................................

7.Add the following lines to domain xml.

<hostdev mode='subsystem' type='pci' managed='yes'>
 <source>
  <address bus='0' slot='0x19' function='0'/>
 </source>
</hostdev>

8. Start the vm

9. Check svirt label of the qemu-kvm process.
# ps -efZ|grep qemu-kvm
system_u:system_r:svirt_t:s0:c100,c200 qemu 4227   1 35 11:46 ?      
................................

10.Check the context of pci device is the same as the context of qemu-kvm process
# ll -Z /sys/bus/pci/devices/0000:00:19.0/resource
-r--r--r--. qemu qemu system_u:object_r:sysfs_t:s0     /sys/bus/pci/devices/0000:00:19.0/resource

  
Actual results:
PCI devices resource's sVirt label is different as set in virt-manager Security page.

Expected results:
PCI devices resource's sVirt label should be same as set in virt-manager Security page.

Comment 1 RHEL Program Management 2011-04-04 02:06:31 UTC
Since RHEL 6.1 External Beta has begun, and this bug remains
unresolved, it has been rejected as it is not proposed as
exception or blocker.

Red Hat invites you to ask your support representative to
propose this request, if appropriate and relevant, in the
next release of Red Hat Enterprise Linux.

Comment 4 Cole Robinson 2016-03-23 12:17:10 UTC
virt-manager doesn't have a security page anymore, and I suspect this is long since fixed, so closing


Note You need to log in before you can comment on or make changes to this bug.