RHEL-56725

The error message is misleading when swtpm can't open log file

    • Bug
    • Resolution: Unresolved
    • rhel-10.0.beta
    • swtpm
    • rhel-sst-virtualization
    • ssg_virtualization
    • QE ack

      What were you trying to do that didn't work?

      Start a VM with a vTPM device; it fails due to an SELinux issue (https://issues.redhat.com/browse/RHEL-53967), while the error message printed by swtpm is misleading:

      1. virsh start uefi
        error: Failed to start domain 'uefi'
        error: internal error: Could not run '/usr/bin/swtpm_setup'. exitstatus: 1; Check error log '/var/log/swtpm/libvirt/qemu/uefi-swtpm.log' for details.
      2. cat /var/log/swtpm/libvirt/qemu/uefi-swtpm.log 
        swtpm at /usr/bin/swtpm does not support TPM 2

      Please provide the package NVR for which bug is seen:

      libvirt-10.5.0-5.el10.x86_64
      qemu-kvm-9.0.0-8.el10.x86_64
      swtpm-0.9.0-2.el10.x86_64

      How reproducible:

      100%

      Steps to reproduce

      1. Remove these files if they exist (this step is required to reproduce the issue)
        # rm /var/lib/libvirt/swtpm/ce336098-3270-4b83-a021-1296fc1e163d/tpm2/ -rf
        # rm /var/log/swtpm/libvirt/qemu/uefi-swtpm.log
        
      2. Prepare a VM with a vTPM device:
        # virsh dumpxml uefi --xpath //tpm
        <tpm model="tpm-crb">
          <backend type="emulator" version="2.0"/>
        </tpm>
        
      3. Start the VM
        # virsh start uefi
        error: Failed to start domain 'uefi'
        error: internal error: Could not run '/usr/bin/swtpm_setup'. exitstatus: 1; Check error log '/var/log/swtpm/libvirt/qemu/uefi-swtpm.log' for details.
        
      4. Check the error log:
        # cat /var/log/swtpm/libvirt/qemu/uefi-swtpm.log 
        swtpm at /usr/bin/swtpm does not support TPM 2
        

      Expected results

      Correct error message can be reported

      Actual results

      The error message is misleading.

      Additional info

      1. Start vm again, it can succeed
      2. The AVC message when vm failed to start:
      # ausearch -m avc -ts recent|grep swtpm
      type=SYSCALL msg=audit(1724988974.287:7417): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=55a63f6755b0 a2=20441 a3=180 items=0 ppid=34864 pid=34865 auid=4294967295 uid=59 gid=59 euid=59 suid=59 fsuid=59 egid=59 sgid=59 fsgid=59 tty=(none) ses=4294967295 comm="swtpm" exe="/usr/bin/swtpm" subj=system_u:system_r:swtpm_t:s0 key=(null)
      type=AVC msg=audit(1724988974.287:7417): avc:  denied  { open } for  pid=34865 comm="swtpm" path="/var/log/swtpm/libvirt/qemu/uefi-swtpm.log" dev="dm-0" ino=235205969 scontext=system_u:system_r:swtpm_t:s0 tcontext=system_u:object_r:virt_log_t:s0 tclass=file permissive=0
      type=AVC msg=audit(1724988974.295:7418): avc:  denied  { relabelfrom } for  pid=34866 comm="rpc-virtqemud" name="uefi-swtpm.log" dev="dm-0" ino=235205969 scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:virt_log_t:s0 tclass=file permissive=1
      
      

              mlureau Marc-Andre Lureau
              rhn-support-fjin Fangge Jin
              virt-maint virt-maint
              Yanqiu Zhang Yanqiu Zhang
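Added example, not part of the report and not swtpm or libvirt code: a small Python triage helper that pairs each AVC record with the SYSCALL record sharing its audit serial and keeps only the denials that were actually enforced. Run on the records quoted in the report (abridged), it shows that the one blocked operation was swtpm's open of its own log file, failing with exit=-13 (EACCES); the function names are illustrative.

```python
import re

# Records abridged from the ausearch output quoted in the report (unused fields dropped).
SAMPLE = '''\
type=SYSCALL msg=audit(1724988974.287:7417): arch=c000003e syscall=257 success=no exit=-13 comm="swtpm" exe="/usr/bin/swtpm" subj=system_u:system_r:swtpm_t:s0
type=AVC msg=audit(1724988974.287:7417): avc:  denied  { open } for  pid=34865 comm="swtpm" path="/var/log/swtpm/libvirt/qemu/uefi-swtpm.log" scontext=system_u:system_r:swtpm_t:s0 tcontext=system_u:object_r:virt_log_t:s0 tclass=file permissive=0
type=AVC msg=audit(1724988974.295:7418): avc:  denied  { relabelfrom } for  pid=34866 comm="rpc-virtqemud" name="uefi-swtpm.log" scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:virt_log_t:s0 tclass=file permissive=1
'''

HEADER = re.compile(r'^type=(\w+) msg=audit\([\d.]+:(\d+)\):')
PERMS = re.compile(r'denied\s+\{([^}]*)\}')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_events(text):
    """Group records by audit serial; keeps the last record of each type per event."""
    events = {}
    for line in text.splitlines():
        head = HEADER.match(line)
        if not head:
            continue
        rtype, serial = head.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(line[head.end():])}
        if rtype == 'AVC':
            perms = PERMS.search(line)
            fields['perms'] = perms.group(1).split() if perms else []
        events.setdefault(int(serial), {})[rtype] = fields
    return events

def enforced_denials(events, comm):
    """Denials that blocked `comm`: permissive=0 and, when a SYSCALL is present, a failed call."""
    hits = []
    for serial, recs in sorted(events.items()):
        avc = recs.get('AVC')
        if not avc or avc.get('comm') != comm or avc.get('permissive') != '0':
            continue
        sc = recs.get('SYSCALL', {})
        if sc and sc.get('success') != 'no':
            continue
        hits.append({'serial': serial, 'perms': avc['perms'],
                     'target': avc.get('path') or avc.get('name'),
                     'scontext': avc.get('scontext'), 'tcontext': avc.get('tcontext'),
                     'exit': int(sc['exit']) if 'exit' in sc else None})
    return hits

if __name__ == '__main__':
    for hit in enforced_denials(parse_events(SAMPLE), 'swtpm'):
        print(hit)
```

The `relabelfrom` record for rpc-virtqemud is filtered out because it carries permissive=1, meaning it was logged but not blocked.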