Bug
Resolution: Not a Bug
rhel-10.0
Moderate
rhel-sst-virtualization-networking
ssg_virtualization
x86_64
What were you trying to do that didn't work?
Our gating test found this issue on the PSI Openstack VM.
# virt-customize -v -x -a RHEL-Server-10.0-64-hvm.raw --mkdir /root/test1 [ 0.0] Examining the guest ... libguestfs: trace: set_verbose true libguestfs: trace: set_verbose = 0 libguestfs: trace: set_network true libguestfs: trace: set_network = 0 libguestfs: trace: add_drive "RHEL-Server-10.0-64-hvm.raw" "readonly:false" "protocol:file" "discard:besteffort" libguestfs: trace: add_drive = 0 libguestfs: trace: launch libguestfs: trace: max_disks libguestfs: trace: max_disks = 255 libguestfs: trace: get_tmpdir libguestfs: trace: get_tmpdir = "/tmp" libguestfs: trace: version libguestfs: trace: version = <struct guestfs_version = major: 1, minor: 54, release: 0, extra: rhel=10,release=1.el10,libvirt, > libguestfs: trace: get_backend libguestfs: trace: get_backend = "libvirt" libguestfs: launch: program=virt-customize libguestfs: launch: version=1.54.0rhel=10,release=1.el10,libvirt libguestfs: launch: backend registered: direct libguestfs: launch: backend registered: libvirt libguestfs: launch: backend=libvirt libguestfs: launch: tmpdir=/tmp/libguestfszLHgd0 libguestfs: launch: umask=0022 libguestfs: launch: euid=0 libguestfs: libvirt version = 10005000 (10.5.0) libguestfs: guest random name = guestfs-lrmqzsngv24qnrkl libguestfs: connect to libvirt libguestfs: opening libvirt handle: URI = qemu:///system, auth = default+wrapper, flags = 0 libguestfs: successfully opened libvirt handle: conn = 0x555a66f03d90 libguestfs: qemu version (reported by libvirt) = 9001000 (9.1.0) libguestfs: get libvirt capabilities libguestfs: parsing capabilities XML libguestfs: trace: get_backend_setting "force_kvm" libguestfs: trace: get_backend_setting = NULL (error) libguestfs: trace: get_backend_setting "force_tcg" libguestfs: trace: get_backend_setting = NULL (error) libguestfs: parsing domcapabilities XML libguestfs: trace: get_backend_setting "internal_libvirt_label" libguestfs: trace: get_backend_setting = NULL (error) libguestfs: trace: get_backend_setting 
"internal_libvirt_imagelabel" libguestfs: trace: get_backend_setting = NULL (error) libguestfs: trace: get_backend_setting "internal_libvirt_norelabel_disks" libguestfs: trace: get_backend_setting = NULL (error) libguestfs: build appliance libguestfs: trace: get_cachedir libguestfs: trace: get_cachedir = "/var/tmp" libguestfs: begin building supermin appliance libguestfs: run supermin libguestfs: command: run: /usr/bin/supermin libguestfs: command: run: \ --build libguestfs: command: run: \ --verbose libguestfs: command: run: \ --if-newer libguestfs: command: run: \ --lock /var/tmp/.guestfs-0/lock libguestfs: command: run: \ --copy-kernel libguestfs: command: run: \ -f ext2 libguestfs: command: run: \ --host-cpu x86_64 libguestfs: command: run: \ /usr/lib64/guestfs/supermin.d libguestfs: command: run: \ -o /var/tmp/.guestfs-0/appliance.d supermin: version: 5.3.4 supermin: rpm: detected RPM version 4.19 supermin: rpm: detected RPM architecture x86_64 supermin: package handler: fedora/rpm supermin: acquiring lock on /var/tmp/.guestfs-0/lock supermin: if-newer: output does not need rebuilding libguestfs: finished building supermin appliance libguestfs: trace: disk_create "/tmp/libguestfszLHgd0/overlay1.qcow2" "qcow2" -1 "backingfile:/var/tmp/.guestfs-0/appliance.d/root" libguestfs: trace: disk_format "/var/tmp/.guestfs-0/appliance.d/root" libguestfs: command: run: qemu-img --help | grep -sqE -- '\binfo\b.*-U\b' libguestfs: command: run: qemu-img libguestfs: command: run: \ info libguestfs: command: run: \ -U libguestfs: command: run: \ --output json libguestfs: command: run: \ /var/tmp/.guestfs-0/appliance.d/root libguestfs: parse_json: qemu-img info JSON output:\n{\n "children": [\n {\n "name": "file",\n "info": {\n "children": [\n ],\n "virtual-size": 4294967296,\n "filename": "/var/tmp/.guestfs-0/appliance.d/root",\n "format": "file",\n "actual-size": 397299712,\n "format-specific": {\n "type": "file",\n "data": {\n }\n },\n "dirty-flag": false\n }\n }\n ],\n 
"virtual-size": 4294967296,\n "filename": "/var/tmp/.guestfs-0/appliance.d/root",\n "format": "raw",\n "actual-size": 397299712,\n "dirty-flag": false\n}\n\n libguestfs: trace: disk_format = "raw" libguestfs: command: run: qemu-img libguestfs: command: run: \ create libguestfs: command: run: \ -f qcow2 libguestfs: command: run: \ -o backing_file=/var/tmp/.guestfs-0/appliance.d/root,backing_fmt=raw libguestfs: command: run: \ /tmp/libguestfszLHgd0/overlay1.qcow2 Formatting '/tmp/libguestfszLHgd0/overlay1.qcow2', fmt=qcow2 cluster_size=65536 extended_l2=off compression_type=zlib size=4294967296 backing_file=/var/tmp/.guestfs-0/appliance.d/root backing_fmt=raw lazy_refcounts=off refcount_bits=16 libguestfs: trace: disk_create = 0 libguestfs: trace: get_sockdir libguestfs: trace: get_sockdir = "/tmp" libguestfs: create libvirt XML libguestfs: trace: disk_format "RHEL-Server-10.0-64-hvm.raw" libguestfs: command: run: qemu-img libguestfs: command: run: \ info libguestfs: command: run: \ -U libguestfs: command: run: \ --output json libguestfs: command: run: \ ./RHEL-Server-10.0-64-hvm.raw libguestfs: parse_json: qemu-img info JSON output:\n{\n "children": [\n {\n "name": "file",\n "info": {\n "children": [\n ],\n "virtual-size": 10737418240,\n "filename": "./RHEL-Server-10.0-64-hvm.raw",\n "format": "file",\n "actual-size": 10737418240,\n "format-specific": {\n "type": "file",\n "data": {\n }\n },\n "dirty-flag": false\n }\n }\n ],\n "virtual-size": 10737418240,\n "filename": "./RHEL-Server-10.0-64-hvm.raw",\n "format": "raw",\n "actual-size": 10737418240,\n "dirty-flag": false\n}\n\n libguestfs: trace: disk_format = "raw" libguestfs: command: run: passt --help Usage: passt [OPTION]... 
-d, --debug\t\tBe verbose --trace\t\tBe extra verbose, implies --debug -q, --quiet\t\tDon't print informational messages -f, --foreground\tDon't run in background default: run in background -l, --log-file PATH\tLog (only) to given file --log-size BYTES\tMaximum size of log file default: 1 MiB --runas UID|UID:GID \tRun as given UID, GID, which can be numeric, or login and group names default: drop to user "nobody" -h, --help\t\tDisplay this help message and exit --version\t\tShow version and exit -s, --socket PATH\tUNIX domain socket path default: probe free path starting from /tmp/passt_1.socket -F, --fd FD\t\tUse FD as pre-opened connected socket -p, --pcap FILE\tLog tap-facing traffic to pcap file -P, --pid FILE\tWrite own PID to the given file -m, --mtu MTU\tAssign MTU via DHCP/NDP a zero value disables assignment default: 65520: maximum 802.3 MTU minus 802.3 header length, rounded to 32 bits (IPv4 words) -a, --address ADDR\tAssign IPv4 or IPv6 address ADDR can be specified zero to two times (for IPv4 and IPv6) default: use addresses from interface with default route -n, --netmask MASK\tAssign IPv4 MASK, dot-decimal or bits default: netmask from matching address on the host -M, --mac-addr ADDR\tUse source MAC address ADDR default: MAC address from interface with default route -g, --gateway ADDR\tPass IPv4 or IPv6 address as gateway default: gateway from interface with default route -i, --interface NAME\tInterface for addresses and routes default: from --outbound-if4 and --outbound-if6, if any otherwise interface with first default route -o, --outbound ADDR\tBind to address as outbound source can be specified zero to two times (for IPv4 and IPv6) default: use source address from routing tables --outbound-if4 NAME\tBind to outbound interface for IPv4 default: use interface from default route --outbound-if6 NAME\tBind to outbound interface for IPv6 default: use interface from default route -D, --dns ADDR\tUse IPv4 or IPv6 address as DNS can be specified multiple 
times a single, empty option disables DNS information default: use addresses from /etc/resolv.conf -S, --search LIST\tSpace-separated list, search domains a single, empty option disables the DNS search list default: use search list from /etc/resolv.conf --no-dhcp-dns\tNo DNS list in DHCP/DHCPv6/NDP --no-dhcp-search\tNo list in DHCP/DHCPv6/NDP --dns-forward ADDR\tForward DNS queries sent to ADDR can be specified zero to two times (for IPv4 and IPv6) default: don't forward DNS queries --no-tcp\t\tDisable TCP protocol handler --no-udp\t\tDisable UDP protocol handler --no-icmp\t\tDisable ICMP/ICMPv6 protocol handler --no-dhcp\t\tDisable DHCP server --no-ndp\t\tDisable NDP responses --no-dhcpv6\t\tDisable DHCPv6 server --no-ra\t\tDisable router advertisements --no-map-gw\t\tDon't map gateway address to host -4, --ipv4-only\tEnable IPv4 operation only -6, --ipv6-only\tEnable IPv6 operation only -1, --one-off\tQuit after handling one single client -t, --tcp-ports SPEC\tTCP port forwarding to guest can be specified multiple times SPEC can be: 'none': don't forward any ports 'all': forward all unbound, non-ephemeral ports a comma-separated list, optionally ranged with '-' and optional target ports after ':', with optional address specification suffixed by '/' and optional interface prefixed by '%'. 
Ranges can be reduced by excluding ports or ranges prefixed by '~' Examples: -t 22\t\tForward local port 22 to 22 on guest -t 22:23\tForward local port 22 to 23 on guest -t 22,25\tForward ports 22, 25 to ports 22, 25 -t 22-80 \tForward ports 22 to 80 -t 22-80:32-90\tForward ports 22 to 80 to \t\t\tcorresponding port numbers plus 10 -t 192.0.2.1/5\tBind port 5 of 192.0.2.1 to guest -t 5-25,~10-20\tForward ports 5 to 9, and 21 to 25 -t ~25\t\tForward all ports except for 25 default: none -u, --udp-ports SPEC\tUDP port forwarding to guest SPEC is as described for TCP above default: none libguestfs: trace: get_cachedir libguestfs: trace: get_cachedir = "/var/tmp" libguestfs: libvirt XML:\n<?xml version="1.0"?>\n<domain type="kvm" xmlns:qemu="http://libvirt.org/schemas/domain/qemu/1.0">\n <name>guestfs-lrmqzsngv24qnrkl</name>\n <memory unit="MiB">1280</memory>\n <currentMemory unit="MiB">1280</currentMemory>\n <cpu mode="maximum">\n <feature policy="disable" name="la57"/>\n </cpu>\n <vcpu>1</vcpu>\n <clock offset="utc">\n <timer name="rtc" tickpolicy="catchup"/>\n <timer name="pit" tickpolicy="delay"/>\n <timer name="hpet" present="no"/>\n </clock>\n <os>\n <type machine="q35">hvm</type>\n <kernel>/var/tmp/.guestfs-0/appliance.d/kernel</kernel>\n <initrd>/var/tmp/.guestfs-0/appliance.d/initrd</initrd>\n <cmdline>panic=1 console=ttyS0 edd=off udevtimeout=6000 udev.event-timeout=6000 no_timer_check printk.time=1 cgroup_disable=memory usbcore.nousb cryptomgr.notests tsc=reliable 8250.nr_uarts=1 root=UUID=5a636450-e42c-4d93-85ef-6b25c598033d selinux=0 guestfs_verbose=1 guestfs_network=1 TERM=xterm-256color</cmdline>\n <bios useserial="yes"/>\n </os>\n <on_reboot>destroy</on_reboot>\n <devices>\n <rng model="virtio">\n <backend model="random">/dev/urandom</backend>\n </rng>\n <controller type="scsi" index="0" model="virtio-scsi"/>\n <disk device="disk" type="file">\n <source file="/run/guestfs-autotest/images/RHEL-Server-10.0-64-hvm.raw"/>\n <target dev="sda" bus="scsi"/>\n 
<driver name="qemu" type="raw" cache="writeback" discard="unmap"/>\n <address type="drive" controller="0" bus="0" target="0" unit="0"/>\n </disk>\n <disk type="file" device="disk">\n <source file="/tmp/libguestfszLHgd0/overlay1.qcow2"/>\n <target dev="sdb" bus="scsi"/>\n <driver name="qemu" type="qcow2" cache="unsafe"/>\n <address type="drive" controller="0" bus="0" target="1" unit="0"/>\n </disk>\n <serial type="unix">\n <source mode="connect" path="/tmp/libguestfs1AvRsL/console.sock"/>\n <target port="0"/>\n </serial>\n <channel type="unix">\n <source mode="connect" path="/tmp/libguestfs1AvRsL/guestfsd.sock"/>\n <target type="virtio" name="org.libguestfs.channel.0"/>\n </channel>\n <interface type="user">\n <backend type="passt"/>\n <model type="virtio"/>\n <ip family="ipv4" address="169.254.2.15" prefix="16"/>\n </interface>\n <controller type="usb" model="none"/>\n <memballoon model="none"/>\n </devices>\n <qemu:commandline>\n <qemu:env name="TMPDIR" value="/var/tmp"/>\n </qemu:commandline>\n</domain>\n libguestfs: trace: get_cachedir libguestfs: trace: get_cachedir = "/var/tmp" libguestfs: command: run: ls libguestfs: command: run: \ -a libguestfs: command: run: \ -l libguestfs: command: run: \ -R libguestfs: command: run: \ -Z /var/tmp/.guestfs-0 libguestfs: /var/tmp/.guestfs-0: libguestfs: total 284 libguestfs: drwxr-xr-x. 3 root root unconfined_u:object_r:user_tmp_t:s0 4096 Oct 11 05:25 . libguestfs: drwxrwxrwt. 10 root root system_u:object_r:tmp_t:s0 4096 Oct 11 05:25 .. libguestfs: drwxr-xr-x. 2 root root unconfined_u:object_r:user_tmp_t:s0 46 Oct 11 03:41 appliance.d libguestfs: -rw-r--r--. 1 root root unconfined_u:object_r:user_tmp_t:s0 0 Oct 11 03:41 lock libguestfs: -rw-r--r--. 1 root root unconfined_u:object_r:user_tmp_t:s0 9822 Oct 11 03:41 qemu-26310576-1727654400.devices libguestfs: -rw-r--r--. 1 root root unconfined_u:object_r:user_tmp_t:s0 32297 Oct 11 03:41 qemu-26310576-1727654400.help libguestfs: -rw-r--r--. 
1 root root unconfined_u:object_r:user_tmp_t:s0 229169 Oct 11 03:41 qemu-26310576-1727654400.qmp-schema libguestfs: -rw-r--r--. 1 root root unconfined_u:object_r:user_tmp_t:s0 48 Oct 11 03:41 qemu-26310576-1727654400.query-kvm libguestfs: -rw-r--r--. 1 root root unconfined_u:object_r:user_tmp_t:s0 44 Oct 11 03:41 qemu-26310576-1727654400.stat libguestfs: libguestfs: /var/tmp/.guestfs-0/appliance.d: libguestfs: total 411672 libguestfs: drwxr-xr-x. 2 root root unconfined_u:object_r:user_tmp_t:s0 46 Oct 11 03:41 . libguestfs: drwxr-xr-x. 3 root root unconfined_u:object_r:user_tmp_t:s0 4096 Oct 11 05:25 .. libguestfs: -rw-r--r--. 1 root root unconfined_u:object_r:user_tmp_t:s0 8754176 Oct 11 05:25 initrd libguestfs: -rwxr-xr-x. 1 root root unconfined_u:object_r:user_tmp_t:s0 15489144 Oct 11 05:25 kernel libguestfs: -rw-r--r--. 1 qemu qemu system_u:object_r:virt_content_t:s0 4294967296 Oct 11 05:25 root libguestfs: command: run: ls libguestfs: command: run: \ -a libguestfs: command: run: \ -l libguestfs: command: run: \ -Z /tmp/libguestfs1AvRsL libguestfs: total 4 libguestfs: drwxr-xr-x. 2 root root unconfined_u:object_r:user_home_t:s0 47 Oct 11 05:25 . libguestfs: drwxrwxrwx. 10 root root unconfined_u:object_r:user_home_dir_t:s0 4096 Oct 11 05:25 .. libguestfs: srw-rw----. 1 root qemu unconfined_u:object_r:user_home_t:s0 0 Oct 11 05:25 console.sock libguestfs: srw-rw----. 1 root qemu unconfined_u:object_r:user_home_t:s0 0 Oct 11 05:25 guestfsd.sock libguestfs: launch libvirt guest libguestfs: trace: launch = -1 (error) virt-customize: error: libguestfs error: could not create appliance through libvirt. 
Original error from libvirt: internal error: Child process (passt --one-off --socket /run/libvirt/qemu/passt/1-guestfs-lrmqzsngv24q-net0.socket --pid /run/libvirt/qemu/passt/1-guestfs-lrmqzsngv24q-net0-passt.pid --address 169.254.2.15 --netmask 16) unexpected exit status 1:
UNIX domain socket bound at /run/libvirt/qemu/passt/1-guestfs-lrmqzsngv24q-net0.socket
No IPv6 nameserver available for NDP/DHCPv6
Template interface: ens3 (IPv4), ens3 (IPv6)
MAC:
    host: fa:16:3e:b5:79:0d
DHCP:
    assign: 169.254.2.15
    mask: 255.255.0.0
    router: 10.0.211.254
DNS:
    10.11.5.160
    10.2.70.215
NDP/DHCPv6:
    assign: 2620:52:0:d0:f816:3eff:feb5:790d
    router: fe80::4e16:fc01:678c:98ed
    our link-local: fe80::f816:3eff:feb5:790d
You can now start qemu (>= 7.2, with commit 13c6be96618c):
    kvm ... -device virtio-net-pci,netdev=s -netdev stream,id=s,server=off,addr.type=unix,addr.path=/run/libvirt/qemu/passt/1-guestfs-lrmqzsngv24q-net0.socket
or qrap, for earlier qemu versions:
    ./qrap 5 kvm ... -net socket,fd=5 -net nic,model=virtio
Failed to mount empty tmpfs for pivot_root(): Permission denied
Failed to sandbox process, exiting
[code=1 int1=-1]
...
# ausearch -m avc -ts recent
----
time->Fri Oct 11 05:25:03 2024
type=PROCTITLE msg=audit(1728638703.501:2179): proctitle=7061737374002D2D6F6E652D6F6666002D2D736F636B6574002F72756E2F6C6962766972742F71656D752F70617373742F312D677565737466732D6C726D717A736E67763234712D6E6574302E736F636B6574002D2D706964002F72756E2F6C6962766972742F71656D752F70617373742F312D677565737466732D6C726D71
type=SYSCALL msg=audit(1728638703.501:2179): arch=c000003e syscall=165 success=no exit=-13 a0=5654e47ae743 a1=5654e47ae270 a2=5654e47ae26a a3=f items=0 ppid=8367 pid=8422 auid=4294967295 uid=107 gid=107 euid=107 suid=107 fsuid=107 egid=107 sgid=107 fsgid=107 tty=(none) ses=4294967295 comm="passt.avx2" exe="/usr/bin/passt.avx2" subj=system_u:system_r:passt_t:s0:c183,c234 key=(null)
type=AVC msg=audit(1728638703.501:2179): avc: denied { mounton } for pid=8422 comm="passt.avx2" path="/tmp" dev="vda3" ino=17379635 scontext=system_u:system_r:passt_t:s0:c183,c234 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir permissive=0
Please provide the package NVR for which the bug is seen:
guestfs-tools-1.52.2-1.el10.x86_64
libguestfs-1.54.0-1.el10.x86_64
passt-0^20240806.gee36266-2.el10.x86_64
selinux-policy-40.13.9-1.el10.noarch
How reproducible is this bug?:
100%
Steps to reproduce
- virt-customize -a RHEL-Server-10.0-64-hvm.raw --mkdir /root/test1
Expected results
virt-customize works in the virtual machine.
Notes:
1. virt-customize works with permissive SELinux mode.
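
The three records of audit event 2179 in the ausearch output above describe one denied operation, and reading them together ties the passt sandbox failure to a specific SELinux decision. The following Python is an added example, not part of the original report or of any Red Hat tooling; the names `parse_event` and `selinux_type` are hypothetical, and the lookup tables cover only the syscall number and errno that appear in this event.

```python
import re

# Records of audit event 2179, copied from the ausearch output in the report.
EVENT = """\
type=PROCTITLE msg=audit(1728638703.501:2179): proctitle=7061737374002D2D6F6E652D6F6666002D2D736F636B6574002F72756E2F6C6962766972742F71656D752F70617373742F312D677565737466732D6C726D717A736E67763234712D6E6574302E736F636B6574002D2D706964002F72756E2F6C6962766972742F71656D752F70617373742F312D677565737466732D6C726D71
type=SYSCALL msg=audit(1728638703.501:2179): arch=c000003e syscall=165 success=no exit=-13 a0=5654e47ae743 a1=5654e47ae270 a2=5654e47ae26a a3=f items=0 ppid=8367 pid=8422 auid=4294967295 uid=107 gid=107 euid=107 suid=107 fsuid=107 egid=107 sgid=107 fsgid=107 tty=(none) ses=4294967295 comm="passt.avx2" exe="/usr/bin/passt.avx2" subj=system_u:system_r:passt_t:s0:c183,c234 key=(null)
type=AVC msg=audit(1728638703.501:2179): avc: denied { mounton } for pid=8422 comm="passt.avx2" path="/tmp" dev="vda3" ino=17379635 scontext=system_u:system_r:passt_t:s0:c183,c234 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir permissive=0
"""

RECORD = re.compile(r"type=(\w+) msg=audit\([\d.]+:(\d+)\): (.*)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Lookup tables limited to the values present in this event.
SYSCALLS = {("c000003e", 165): "mount"}  # arch c000003e is x86_64
ERRNOS = {13: "EACCES"}


def selinux_type(context):
    """Return the type field of a user:role:type:level SELinux context."""
    return context.split(":", 3)[2]


def parse_event(text):
    """Merge the PROCTITLE, SYSCALL and AVC records of one event into a summary."""
    out = {}
    for line in text.splitlines():
        m = RECORD.match(line.strip())
        if not m:
            continue
        rtype, serial, body = m.groups()
        out["serial"] = int(serial)
        f = dict(FIELD.findall(body))
        if rtype == "PROCTITLE":
            val = f["proctitle"]
            # The value is hex when argv holds NULs or other special bytes,
            # otherwise a quoted string.
            raw = val.strip('"').encode() if val.startswith('"') else bytes.fromhex(val)
            out["cmdline"] = raw.replace(b"\0", b" ").decode(errors="replace")
        elif rtype == "SYSCALL":
            nr, rc = int(f["syscall"]), int(f["exit"])
            out["syscall"] = SYSCALLS.get((f["arch"], nr), str(nr))
            out["errno"] = ERRNOS.get(-rc, str(rc)) if rc < 0 else None
        elif rtype == "AVC":
            out["perms"] = re.search(r"\{\s*(.*?)\s*\}", body).group(1).split()
            out["source_type"] = selinux_type(f["scontext"])
            out["target_type"] = selinux_type(f["tcontext"])
            out["tclass"] = f["tclass"]
            out["path"] = f.get("path", "").strip('"')
            out["enforced"] = f["permissive"] == "0"
    return out


if __name__ == "__main__":
    for key, value in parse_event(EVENT).items():
        print(f"{key:12} {value}")
```

The decoded command line stops partway through the `--pid` path because the PROCTITLE record holds at most 128 bytes of argv.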