Bug 906639
| Summary: | libvirt should clean and revert env after fail to create snapshot with a bad img using --reuse-external | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Huang Wenlong <whuang> |
| Component: | libvirt | Assignee: | Peter Krempa <pkrempa> |
| Status: | CLOSED ERRATA | QA Contact: | Virtualization Bugs <virt-bugs> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 6.4 | CC: | cwei, dyuan, eblake, mzhan, pkrempa, rbalakri, shyu |
| Target Milestone: | rc | Keywords: | Upstream |
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | libvirt-0.10.2-32.el6 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2014-10-14 04:15:09 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
The memory image file is deleted on failure since:
commit a912977a657ae92724c04e8c4e6f70c6e8231849
Author: Peter Krempa <pkrempa>
Date: Tue Dec 11 12:02:16 2012 +0100
qemu: snapshot: Remove memory image if external checkpoint fails
When the disk snapshot part of an external system checkpoint fails the
memory image is retained. This patch adds code to remove the image in
such case.
v1.0.0-292-ga912977
as of the AVC/selinux issues, those are probably still present.
The issue with damaging permissions of the original image is now fixed with:
commit 177046753fa427609f217c319dba6fa465a4add4
Author: Peter Krempa <pkrempa>
Date: Fri May 31 15:38:46 2013 +0200
qemu: snapshot: Don't kill access to disk if snapshot creation fails
If snapshot creation failed for example due to invalid use of the
"REUSE_EXTERNAL" flag, libvirt killed access to the original image file
instead of the new image file. On machines with selinux this kills the
whole VM as the selinux context is enforced immediately.
* qemu_driver.c:qemuDomainSnapshotUndoSingleDiskActive():
- Kill access to the new image file instead of the old one.
v1.0.6-rc2-7-g1770467
We decided not to rebase libvirt in RHEL 6.5 to avoid stability issues we faced in 6.4. This bug has already been trivially fixed upstream but it is not considered important enough to be backported to RHEL 6.5. Thus I'm pushing this bug to RHEL 6.6 (and setting Upstream keyword to indicate we have patches upstream) for now. If you don't agree with this resolution, please, give us reasons which you think are strong enough for us to reevaluate the decision not to backport patches for this bug. verify this bug with libvirt-0.10.2-32.el6.x86_64 Steps: 1. #touch /var/lib/libvirt/images/kvm-rhel6.5-x86_64-qcow2.bad 2. #ll /tmp/bad ls: cannot access /tmp/bad: No such file or directory 3. #virsh snapshot-create-as rhel6.5 bad --memspec /tmp/bad --reuse-external --atomic error: internal error unable to execute QEMU command 'transaction': Could not open '/var/lib/libvirt/images/kvm-rhel6.5-x86_64-qcow2.bad': Invalid argument 4. ll /tmp/bad ls: cannot access /tmp/bad: No such file or directory Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2014-1374.html |
Description of problem: libvirt should clean and revert env after fail to create snapshot with a bad img useing --reuse-external virsh fail should clean and revert env and guest should not be effected Version-Release number of selected component (if applicable): libvirt-0.10.2-18.el6.x86_64 qemu-kvm-rhev-0.12.1.2-2.355.el6.x86_64 How reproducible: 100% Steps to Reproduce: 1.prepare a running guest # virsh list Id Name State ---------------------------------------------------- 8 bug running 2.touch a empty(bad)img for snapshot create #touch /var/lib/libvirt/images/bug.bad # ll /tmp/bad ls: cannot access /tmp/bad: No such file or directory 3.create a snapshot --with reuse-external even add atomic #virsh snapshot-create-as bug bad --memspec /tmp/bad --reuse-external --atomic error: internal error unable to execute QEMU command 'transaction': Could not open '/var/lib/libvirt/images/bug.bad': Invalid argument #echo $? 1 4.check env bad file still there , bug.img's context is cleaned , it will make selinux AVC denied and guest image turn to read-only # ll /tmp/bad -rw-------. 1 root root 307951050 Jan 31 15:10 /tmp/bad ]# ll -Z -rw-r--r--. qemu qemu unconfined_u:object_r:svirt_image_t:s0:c101,c640 bug.bad -rw-------. root root system_u:object_r:virt_image_t:s0 bug.img type=AVC msg=audit(1359615628.274:81086): avc: denied { write } for pid=25034 comm="qemu-kvm" path="/var/lib/libvirt/images/bug.img" dev=sda1 ino=7920 scontext=unconfined_u:system_r:svirt_t:s0:c367,c445 tcontext=system_u:object_r:virt_image_t:s0 tclass=file Actual results: as steps Expected results: virsh fail should clean and revert env and guest should not be effected Additional info: --