Bug 732461 - QEMU rejects ide drives readonly unless CDROM. This stops SELinux readonly support from working.
Summary: QEMU rejects ide drives readonly unless CDROM. This stops SELinux readonly su...
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: libvirt
Version: 17
Hardware: All
OS: Linux
unspecified
medium
Target Milestone: ---
Assignee: Libvirt Maintainers
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-08-22 14:34 UTC by Richard Haines
Modified: 2012-10-20 21:24 UTC (History)
10 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-10-20 21:24:58 UTC


Attachments (Terms of Use)

Description Richard Haines 2011-08-22 14:34:36 UTC
Description of problem:
When an IDE drive parameter "readonly=on" is passed to QEMU, QEMU will return an error that read-only ide drives cannot be used (except when its a CDROM).

To overcome this and allow SELinux to manage the readonly service via policy, libvirt should check the ide device and if CDROM and <readonly/> is set in the XML config file, then pass over "readonly=on".

If the ide device is not CDROM but <readonly/> is set in the XML config file, then do not pass over "readonly=on", this will allow QEMU to work and also SELinux to set the appropriate contexts for read-only management via the policy.

Version-Release number of selected component (if applicable):
libvirt-0.8.8-7.fc15.x86_64
with:
qemu-system-x86-0.14.0-7.fc15.x86_64


How reproducible:
Always

Steps to Reproduce:
1. Using Virtual Machine Manager set VM details "IDE Disk 1" to "readonly"
2. Run VM and error will appear.

Comment 1 Fedora Admin XMLRPC Client 2011-09-22 17:53:13 UTC
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.

Comment 2 Fedora Admin XMLRPC Client 2011-09-22 17:57:05 UTC
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.

Comment 3 Fedora Admin XMLRPC Client 2011-11-30 20:03:50 UTC
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.

Comment 4 Fedora Admin XMLRPC Client 2011-11-30 20:03:55 UTC
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.

Comment 5 Fedora Admin XMLRPC Client 2011-11-30 20:08:18 UTC
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.

Comment 6 Fedora Admin XMLRPC Client 2011-11-30 20:08:24 UTC
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.

Comment 7 Cole Robinson 2012-06-07 00:33:37 UTC
That sounds like a valid idea. Does qemu still error on readonly=on? Maybe this isn't relevant anymore. Either way it's straightforward to test, so moving to F17 for further triage.

Comment 8 Richard Haines 2012-06-08 15:53:38 UTC
(In reply to comment #7)
> That sounds like a valid idea. Does qemu still error on readonly=on? Maybe
> this isn't relevant anymore. Either way it's straightforward to test, so
> moving to F17 for further triage.

I've just tested Fedora 17 and still has the same problem.

Comment 9 Cole Robinson 2012-10-20 21:24:58 UTC
Actually thinking some more about this, I don't think there's anything to change here.

Requesting <readonly/> in the XML is not only about disk image permissions but about actually setting having the HW bits set as readonly. qemu is correctly reporting it can't handle a readonly IDE disk and we should honor that.

You can have libvirt use the RO selinux label for a particular disk using an <seclabel> element in the <disk> block, check the 'source' section here:

http://libvirt.org/formatdomain.html#elementsDisks

Closing as WONTFIX


Note You need to log in before you can comment on or make changes to this bug.