Bug 733996 - [RFE][virt-install]should allow user specify static label for security driver setting when install vm
Summary: [RFE][virt-install]should allow user specify static label for security driver...
Keywords:
Status: CLOSED UPSTREAM
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: python-virtinst
Version: 6.2
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: rc
: ---
Assignee: Cole Robinson
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Depends On:
Blocks: 734000
TreeView+ depends on / blocked
 
Reported: 2011-08-29 06:35 UTC by zhe peng
Modified: 2012-02-01 19:08 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
: 734000 (view as bug list)
Environment:
Last Closed: 2012-02-01 19:08:37 UTC


Attachments (Terms of Use)
full debug info (5.84 KB, text/plain)
2011-08-29 06:35 UTC, zhe peng
no flags Details

Description zhe peng 2011-08-29 06:35:55 UTC
Created attachment 520296 [details]
full debug info

Description of problem:
can set relabel option for security driver setting when install vm.


Version-Release number of selected component (if applicable):
python-virtinst-0.600.0-2.el6.noarch
libvirt-0.9.4-5.el6


How reproducible:
always

Steps to Reproduce:
1.install a vm with static security settings.
1.# virt-install -n demo -r 1024 -f /var/lib/libvirt/images/test.img -s 5 --security type=static,label='system_u:system_r:svirt_t:s0:c100,c200' -c /dev/cdrom --debug
.........
Mon, 29 Aug 2011 02:03:29 ERROR    internal error Process exited while reading console log output: char device redirected to /dev/pts/8
qemu-kvm: -drive file=/var/lib/libvirt/images/demo.img,if=none,id=drive-ide0-0-0,format=raw,cache=none: could not open disk image /var/lib/libvirt/images/demo.img: Permission denied

Mon, 29 Aug 2011 02:03:29 DEBUG    Traceback (most recent call last):
  File "/usr/sbin/virt-install", line 620, in start_install
    noboot=options.noreboot)
  File "/usr/lib/python2.6/site-packages/virtinst/Guest.py", line 1223, in start_install
    noboot)
  File "/usr/lib/python2.6/site-packages/virtinst/Guest.py", line 1291, in _create_guest
    dom = self.conn.createLinux(start_xml or final_xml, 0)
  File "/usr/lib64/python2.6/site-packages/libvirt.py", line 1966, in createLinux
    if ret is None:raise libvirtError('virDomainCreateLinux() failed', conn=self)
libvirtError: internal error Process exited while reading console log output: char device redirected to /dev/pts/8
qemu-kvm: -drive file=/var/lib/libvirt/images/demo.img,if=none,id=drive-ide0-0-0,format=raw,cache=none: could not open disk image /var/lib/libvirt/images/demo.img: Permission denied

install will failed with Permission denied.

if have an existing image file,with correctly security label,the install will successful.mention in bug:https://bugzilla.redhat.com/show_bug.cgi?id=698085#c9

for libvirt ,there have a new attribute "relabel=yes",refer to http://libvirt.org/formatdomain.html#seclabel

so, customer need setting static security label without having an existing image file when install a new vm.
like command line:
# virt-install -n demo -r 1024 -f /var/lib/libvirt/images/test.img -s 5 --security type=static,relable=yes,label='system_u:system_r:svirt_t:s0:c100,c200' -c /dev/cdrom --debug


  
Actual results:
see Steps to Reproduce

Expected results:
should install vm successful with static security label if not have existing image file.

Additional info:

Comment 3 Cole Robinson 2012-02-01 19:08:37 UTC
On second thought I don't think this is even worth backporting: static label usage is uncommon, and virtinst/virt-manager haven't had any customer complaints or feature requests regarding this functionality. Backporting isn't really worth the effort IMO

Just closing as UPSTREAM


Note You need to log in before you can comment on or make changes to this bug.