Unable to remove disk metadata on vm
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
libvirt (Ubuntu) | Fix Released | Medium | Christian Ehrhardt |
Focal | Fix Released | Medium | Unassigned |
Bug Description
[Impact]
* The impact is log flooding with warnings for every guest start/stop
* Maybe the impact also has in some cases worse effects due to the bad RC
of the function e.g. blocking other actions - that could be happening in
the CI run it was reported with.
* Upstream has added a fix that fixes the warning.
We worked on and upstreamed another fix that also corrects the internal
error we were seeing.
Both are easily backported and apply as-is.
[Test Case]
* Run this in one console
$ journalctl -f -u libvirtd | grep -i meta
* In the other console spawn a guest (e.g. via uvtool-libvirt or
any other) and shut it down. Shutdown will pass:
qemuBlockRe
qemuSecur
... which will trigger the issue.
Without a fix the log will all the time get an entry like:
Mai 20 07:10:12 Keschdeichel libvirtd[2638]: this function is not supported by the connection driver: virSecurityMana
Mai 20 07:10:12 Keschdeichel libvirtd[2638]: internal error: child reported (status=125): this function is not supported by the connection driver: virSecurityMana
Mai 20 07:10:12 Keschdeichel libvirtd[2638]: Unable to remove disk metadata on vm focal from /var/lib/
Mai 20 07:10:12 Keschdeichel libvirtd[2638]: this function is not supported by the connection driver: virSecurityMana
Mai 20 07:10:12 Keschdeichel libvirtd[2638]: internal error: child reported (status=125): this function is not supported by the connection driver: virSecurityMana
Mai 20 07:10:12 Keschdeichel libvirtd[2638]: Unable to remove disk metadata on vm focal from /var/lib/
Mai 20 07:10:12 Keschdeichel libvirtd[2638]: this function is not supported by the connection driver: virSecurityMana
Mai 20 07:10:12 Keschdeichel libvirtd[2638]: internal error: child reported (status=125): this function is not supported by the connection driver: virSecurityMana
Mai 20 07:10:12 Keschdeichel libvirtd[2638]: Unable to remove disk metadata on vm focal from /var/lib/
[Regression Potential]
* It is a check on a function that doesn't need to exist for apparmor.
Hence making that check not a fail does not have a huge regression
potential - it is not that "now" it would do more. It just no longer
complains about it and thereby avoids log flooding.
Regressions could happen if we'd have silenced other warnings by that,
but I don't see that in code or tests.
* The other change converts a bad RC into a good RC for a given set of
conditions that applies either when built without libattr or when working
on an FS that does not support XATTR.
The same change of behavior we have in Ubuntu (built without libattr)
would now also be dependent on the FS type (no error on such FS
anymore). But that isn't true for Ubuntu builds and therefore doesn't
matter for the SRU considerations.
A regression could be if there would be another low level fail that is
mis-detected and masked to be "ok" by the code. But the API is rather
clear on -1 = fail, -2 = the kind we mask, 0 = ok. So this seems not to
be an issue.
[Other Info]
* n/a
---
We can reproduce this 100% in our CI (upstream Openstack Ironic)
using Ubuntu 20.04 LTS Focal Fossa with libvirt 6.0.0
2020-05-15 10:05:50.626+0000: 96089: error : virSecurityMana
2020-05-15 10:05:50.628+0000: 96089: error : virProcessRunIn
2020-05-15 10:05:50.628+0000: 96089: warning : qemuBlockRemove
complete libvirt logs:
https:/
This was filed upstream and fixed by:
https:/
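The return-code convention from the regression analysis above (-1 = fail, -2 = the kind that gets masked, 0 = ok), as an added C example that is not libvirt's code and not the patch from this bug. The function names, the injected backends, the attribute name and the mapping of ENOTSUP/ENOSYS to -2 are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>

/* Hypothetical backend: returns 0, or -1 with errno set, like removexattr(2). */
typedef int (*xattr_remove_fn)(const char *path, const char *name);

/* Constructed backends standing in for different builds and filesystems. */
static int backend_ok(const char *p, const char *n)
{ (void)p; (void)n; return 0; }
static int backend_fs_without_xattr(const char *p, const char *n)
{ (void)p; (void)n; errno = ENOTSUP; return -1; }
static int backend_built_without_attr(const char *p, const char *n)
{ (void)p; (void)n; errno = ENOSYS; return -1; }
static int backend_io_error(const char *p, const char *n)
{ (void)p; (void)n; errno = EIO; return -1; }

/* Low-level layer: 0 = ok, -1 = fail, -2 = XATTRs unavailable (assumed mapping). */
static int metadata_remove(xattr_remove_fn fn, const char *path, const char *name)
{
    if (fn(path, name) == 0)
        return 0;
    if (errno == ENOTSUP || errno == ENOSYS)
        return -2;
    return -1;
}

/* Caller: mask only -2; -1 still propagates so real failures stay visible. */
static int disk_metadata_cleanup(xattr_remove_fn fn, const char *path)
{
    int rc = metadata_remove(fn, path, "user.example.label"); /* constructed name */
    if (rc == -2)
        return 0; /* no metadata could ever have been stored here */
    return rc;
}

int main(void)
{
    const char *img = "/tmp/constructed-disk.img"; /* constructed path, never opened */
    printf("xattr works        -> %d\n", disk_metadata_cleanup(backend_ok, img));
    printf("FS without XATTR   -> %d\n", disk_metadata_cleanup(backend_fs_without_xattr, img));
    printf("built without attr -> %d\n", disk_metadata_cleanup(backend_built_without_attr, img));
    printf("I/O error          -> %d\n", disk_metadata_cleanup(backend_io_error, img));
    return 0;
}
```

The regression concern raised in the description corresponds to the last case: an unrelated low-level error must keep returning -1 instead of being folded into the masked -2 path.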
Related branches
- Rafael David Tinoco (community): Approve
- Canonical Server packageset reviewers: Pending requested
- Canonical Server: Pending requested
Diff: 158 lines (+130/-0), 4 files modified
debian/changelog (+7/-0)
debian/patches/series (+2/-0)
debian/patches/ubuntu/lp-1879325-Don-t-require-secdrivers-to-implement-.domainMoveIma.patch (+44/-0)
debian/patches/ubuntu/lp-1879325-security-don-t-fail-if-built-without-attr-support.patch (+77/-0)
Changed in libvirt (Ubuntu):
status: New → Triaged
description: updated
tags: added: verification-done verification-done-focal; removed: verification-needed verification-needed-focal
Note: related upstream issue https://gitlab.com/libvirt/libvirt/-/issues/25
Hi Riccardo,
thanks for the report and the discussion until there was a fix.
I have prepared PPAs for Groovy and Focal including that fix for you to try if that change alone is really sufficient for your case as well. If you could give these a try and let me know?