Red Hat Bugzilla – Bug 976635
Managedsave/save failed with unable to execute QEMU command 'getfd'
Last modified: 2014-04-04 16:57:47 EDT
Dan, does OpenStack set relabel='no'?
No, openstack relies on completely dynamic selinux labelling. This bug doesn't seem to be related to openstack in any case - the initial report says the reporter is manually adding the static selinux label.
(In reply to Daniel Berrange from comment #4)
> No, openstack relies on completely dynamic selinux labelling. This bug
> doesn't seem to be related to openstack in any case - the initial report
> says the reporter is manually adding the static selinux label
Indeed, it's not related to OpenStack, I just wanted to make sure that any changes we make as a result of it won't affect OpenStack. (I have the same question about oVirt.)
Should not be related to oVirt either, as far as I know.
Fixed upstream by:
Author: Peter Krempa <email@example.com>
Date: Tue Jul 2 18:34:58 2013 +0200

    selinux: Always generate imagelabel

    The imagelabel SELinux label was only generated when relabeling was
    enabled. This prohibited labeling of files created by libvirt that need
    to be labeled even if relabeling is turned off.

    The only codepath this change has direct impact on is labeling of FDs
    passed to qemu which is always safe in current state.

We decided not to rebase libvirt in RHEL 6.5 to avoid stability issues
we faced in 6.4. This bug has already been fixed upstream but it is
considered unsuitable for backporting to RHEL 6.5 because at least one
of the following conditions is met:
- this bug requires new API(s), which we cannot introduce without
- the patches required to address this bug are complex or invasive
causing the backport to be too risky
- this bug is not important enough to justify backporting non-trivial
patches for it
Thus I'm pushing this bug to RHEL 6.6 (and setting Upstream keyword to
indicate we have patches upstream) for now. If you don't agree with
this resolution, please, give us reasons which you think are strong
enough for us to reevaluate the decision not to backport patches for
Development Management has reviewed and declined this request.
You may appeal this decision by reopening this request.