subject:"Change in vdsm\[master\]\: lvm\: Set libvirt image selinux label on block devices backin..."

Change in vdsm[master]: lvm: Set libvirt image selinux label on block devices backin...

2014-10-02 Thread oVirt Jenkins CI Server

oVirt Jenkins CI Server has posted comments on this change.

Change subject: lvm: Set libvirt image selinux label on block devices backing 
vdsm images
..


Patch Set 6:

Build Failed 

http://jenkins.ovirt.org/job/vdsm_master_install-rpm-sanity-fc20_created/409/ : 
FAILURE

http://jenkins.ovirt.org/job/vdsm_master_install-rpm-sanity-el6_created/426/ : 
FAILURE

http://jenkins.ovirt.org/job/vdsm_master_unit_tests_gerrit_el/11745/ : FAILURE

http://jenkins.ovirt.org/job/vdsm_master_unit-tests_created/12689/ : FAILURE

http://jenkins.ovirt.org/job/vdsm_master_pep8_gerrit/12534/ : SUCCESS

-- 
To view, visit http://gerrit.ovirt.org/33492
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I95f85c7b548b2c058693b20b1fa177714a6e1a10
Gerrit-PatchSet: 6
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Nir Soffer nsof...@redhat.com
Gerrit-Reviewer: Allon Mureinik amure...@redhat.com
Gerrit-Reviewer: Dan Kenigsberg dan...@redhat.com
Gerrit-Reviewer: Federico Simoncelli fsimo...@redhat.com
Gerrit-Reviewer: Francesco Romani from...@redhat.com
Gerrit-Reviewer: Nir Soffer nsof...@redhat.com
Gerrit-Reviewer: Sandro Bonazzola sbona...@redhat.com
Gerrit-Reviewer: automat...@ovirt.org
Gerrit-Reviewer: oVirt Jenkins CI Server
Gerrit-HasComments: No
___
vdsm-patches mailing list
vdsm-patches@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/vdsm-patches

Change in vdsm[master]: lvm: Set libvirt image selinux label on block devices backin...

2014-10-02 Thread oVirt Jenkins CI Server

oVirt Jenkins CI Server has posted comments on this change.

Change subject: lvm: Set libvirt image selinux label on block devices backing 
vdsm images
..


Patch Set 7:

Build Failed 

http://jenkins.ovirt.org/job/vdsm_master_install-rpm-sanity-fc20_created/411/ : 
FAILURE

http://jenkins.ovirt.org/job/vdsm_master_install-rpm-sanity-el6_created/428/ : 
SUCCESS

http://jenkins.ovirt.org/job/vdsm_master_unit_tests_gerrit_el/11752/ : FAILURE

http://jenkins.ovirt.org/job/vdsm_master_unit-tests_created/12696/ : FAILURE

http://jenkins.ovirt.org/job/vdsm_master_pep8_gerrit/12541/ : SUCCESS

-- 
To view, visit http://gerrit.ovirt.org/33492
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I95f85c7b548b2c058693b20b1fa177714a6e1a10
Gerrit-PatchSet: 7
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Nir Soffer nsof...@redhat.com
Gerrit-Reviewer: Allon Mureinik amure...@redhat.com
Gerrit-Reviewer: Dan Kenigsberg dan...@redhat.com
Gerrit-Reviewer: Federico Simoncelli fsimo...@redhat.com
Gerrit-Reviewer: Francesco Romani from...@redhat.com
Gerrit-Reviewer: Nir Soffer nsof...@redhat.com
Gerrit-Reviewer: Sandro Bonazzola sbona...@redhat.com
Gerrit-Reviewer: automat...@ovirt.org
Gerrit-Reviewer: oVirt Jenkins CI Server
Gerrit-HasComments: No
___
vdsm-patches mailing list
vdsm-patches@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/vdsm-patches

Change in vdsm[master]: lvm: Set libvirt image selinux label on block devices backin...

2014-10-01 Thread sbonazzo

Sandro Bonazzola has posted comments on this change.

Change subject: lvm: Set libvirt image selinux label on block devices backing 
vdsm images
..


Patch Set 6:

Verified patchset 4 lvm rules working deploying Hosted Engine with iSCSI 
storage on CentOS 7 as in Bug #1142709.

-- 
To view, visit http://gerrit.ovirt.org/33492
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I95f85c7b548b2c058693b20b1fa177714a6e1a10
Gerrit-PatchSet: 6
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Nir Soffer nsof...@redhat.com
Gerrit-Reviewer: Allon Mureinik amure...@redhat.com
Gerrit-Reviewer: Dan Kenigsberg dan...@redhat.com
Gerrit-Reviewer: Federico Simoncelli fsimo...@redhat.com
Gerrit-Reviewer: Francesco Romani from...@redhat.com
Gerrit-Reviewer: Nir Soffer nsof...@redhat.com
Gerrit-Reviewer: Sandro Bonazzola sbona...@redhat.com
Gerrit-Reviewer: automat...@ovirt.org
Gerrit-Reviewer: oVirt Jenkins CI Server
Gerrit-HasComments: No
___
vdsm-patches mailing list
vdsm-patches@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/vdsm-patches

Change in vdsm[master]: lvm: Set libvirt image selinux label on block devices backin...

2014-10-01 Thread sbonazzo

Sandro Bonazzola has posted comments on this change.

Change subject: lvm: Set libvirt image selinux label on block devices backing 
vdsm images
..


Patch Set 6:

please let me know when this patch will be included in a vdsm build so I can 
require the new vdsm version from hosted engine spec files.

-- 
To view, visit http://gerrit.ovirt.org/33492
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I95f85c7b548b2c058693b20b1fa177714a6e1a10
Gerrit-PatchSet: 6
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Nir Soffer nsof...@redhat.com
Gerrit-Reviewer: Allon Mureinik amure...@redhat.com
Gerrit-Reviewer: Dan Kenigsberg dan...@redhat.com
Gerrit-Reviewer: Federico Simoncelli fsimo...@redhat.com
Gerrit-Reviewer: Francesco Romani from...@redhat.com
Gerrit-Reviewer: Nir Soffer nsof...@redhat.com
Gerrit-Reviewer: Sandro Bonazzola sbona...@redhat.com
Gerrit-Reviewer: automat...@ovirt.org
Gerrit-Reviewer: oVirt Jenkins CI Server
Gerrit-HasComments: No
___
vdsm-patches mailing list
vdsm-patches@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/vdsm-patches

Change in vdsm[master]: lvm: Set libvirt image selinux label on block devices backin...

2014-10-01 Thread oVirt Jenkins CI Server

oVirt Jenkins CI Server has posted comments on this change.

Change subject: lvm: Set libvirt image selinux label on block devices backing 
vdsm images
..


Patch Set 5:

Build Successful 

http://jenkins.ovirt.org/job/vdsm_master_unit_tests_gerrit_el/11737/ : SUCCESS

http://jenkins.ovirt.org/job/vdsm_master_unit-tests_created/12681/ : SUCCESS

http://jenkins.ovirt.org/job/vdsm_master_pep8_gerrit/12526/ : SUCCESS

-- 
To view, visit http://gerrit.ovirt.org/33492
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I95f85c7b548b2c058693b20b1fa177714a6e1a10
Gerrit-PatchSet: 5
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Nir Soffer nsof...@redhat.com
Gerrit-Reviewer: Allon Mureinik amure...@redhat.com
Gerrit-Reviewer: Dan Kenigsberg dan...@redhat.com
Gerrit-Reviewer: Federico Simoncelli fsimo...@redhat.com
Gerrit-Reviewer: Francesco Romani from...@redhat.com
Gerrit-Reviewer: Nir Soffer nsof...@redhat.com
Gerrit-Reviewer: Sandro Bonazzola sbona...@redhat.com
Gerrit-Reviewer: automat...@ovirt.org
Gerrit-Reviewer: oVirt Jenkins CI Server
Gerrit-HasComments: No
___
vdsm-patches mailing list
vdsm-patches@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/vdsm-patches

Change in vdsm[master]: lvm: Set libvirt image selinux label on block devices backin...

2014-10-01 Thread nsoffer

Nir Soffer has posted comments on this change.

Change subject: lvm: Set libvirt image selinux label on block devices backing 
vdsm images
..


Patch Set 7: Verified+1

Version 7 fixes the build on el6 (flags argument added in re.sub in 2.7).

Otherwise there is no change the the installed rule, so still verified.

-- 
To view, visit http://gerrit.ovirt.org/33492
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I95f85c7b548b2c058693b20b1fa177714a6e1a10
Gerrit-PatchSet: 7
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Nir Soffer nsof...@redhat.com
Gerrit-Reviewer: Allon Mureinik amure...@redhat.com
Gerrit-Reviewer: Dan Kenigsberg dan...@redhat.com
Gerrit-Reviewer: Federico Simoncelli fsimo...@redhat.com
Gerrit-Reviewer: Francesco Romani from...@redhat.com
Gerrit-Reviewer: Nir Soffer nsof...@redhat.com
Gerrit-Reviewer: Sandro Bonazzola sbona...@redhat.com
Gerrit-Reviewer: automat...@ovirt.org
Gerrit-Reviewer: oVirt Jenkins CI Server
Gerrit-HasComments: No
___
vdsm-patches mailing list
vdsm-patches@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/vdsm-patches

Change in vdsm[master]: lvm: Set libvirt image selinux label on block devices backin...

2014-10-01 Thread danken

Dan Kenigsberg has posted comments on this change.

Change subject: lvm: Set libvirt image selinux label on block devices backing 
vdsm images
..


Patch Set 7: Code-Review+2

-- 
To view, visit http://gerrit.ovirt.org/33492
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I95f85c7b548b2c058693b20b1fa177714a6e1a10
Gerrit-PatchSet: 7
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Nir Soffer nsof...@redhat.com
Gerrit-Reviewer: Allon Mureinik amure...@redhat.com
Gerrit-Reviewer: Dan Kenigsberg dan...@redhat.com
Gerrit-Reviewer: Federico Simoncelli fsimo...@redhat.com
Gerrit-Reviewer: Francesco Romani from...@redhat.com
Gerrit-Reviewer: Nir Soffer nsof...@redhat.com
Gerrit-Reviewer: Sandro Bonazzola sbona...@redhat.com
Gerrit-Reviewer: automat...@ovirt.org
Gerrit-Reviewer: oVirt Jenkins CI Server
Gerrit-HasComments: No
___
vdsm-patches mailing list
vdsm-patches@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/vdsm-patches

Change in vdsm[master]: lvm: Set libvirt image selinux label on block devices backin...

2014-10-01 Thread Federico Simoncelli

Federico Simoncelli has posted comments on this change.

Change subject: lvm: Set libvirt image selinux label on block devices backing 
vdsm images
..


Patch Set 7: Code-Review+1

-- 
To view, visit http://gerrit.ovirt.org/33492
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I95f85c7b548b2c058693b20b1fa177714a6e1a10
Gerrit-PatchSet: 7
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Nir Soffer nsof...@redhat.com
Gerrit-Reviewer: Allon Mureinik amure...@redhat.com
Gerrit-Reviewer: Dan Kenigsberg dan...@redhat.com
Gerrit-Reviewer: Federico Simoncelli fsimo...@redhat.com
Gerrit-Reviewer: Francesco Romani from...@redhat.com
Gerrit-Reviewer: Nir Soffer nsof...@redhat.com
Gerrit-Reviewer: Sandro Bonazzola sbona...@redhat.com
Gerrit-Reviewer: automat...@ovirt.org
Gerrit-Reviewer: oVirt Jenkins CI Server
Gerrit-HasComments: No
___
vdsm-patches mailing list
vdsm-patches@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/vdsm-patches

Change in vdsm[master]: lvm: Set libvirt image selinux label on block devices backin...

2014-10-01 Thread danken

Dan Kenigsberg has submitted this change and it was merged.

Change subject: lvm: Set libvirt image selinux label on block devices backing 
vdsm images
..


lvm: Set libvirt image selinux label on block devices backing vdsm images

The SELinux sVirt protection for QEMU virtual machines is setup in such
a way that a domain can only access files or devices which are labelled
svirt_image_t label. Libvirt sets this label on block devices backing
images when it starts a vm.

On Fedora 19, 20 and EL 7, the selinux label on the block device is lost
after refreshing a logical volume.  The root cause of this issue is
systemd-udevd, trying to preserve the selinux label upon device change
event.

Loosing the selinux label causes the vm to pause. The only way to use
the vm is to restart the vm.  Practically, this breaks thin provisioning
on block storage, since after each automatic extend, a logical volume
must be refreshed.

This patch adds a temporary hack, by updating vdsm lvm rules to set the
libvirt image selinux label on vdsm images. This change should be
reverted when a fix is available in systemd-udevd.

This hack is enabled by default only for EL7, since we hope to get a
fix for systemd-udevd soon for Fedora.

To enable this hack on other platforms:

./configure --enable-chcon-hack

Change-Id: I95f85c7b548b2c058693b20b1fa177714a6e1a10
Bug-Url: https://bugzilla.redhat.com/1127460
Releates-To: https://bugzilla.redhat.com/1147910
Signed-off-by: Nir Soffer nsof...@redhat.com
Reviewed-on: http://gerrit.ovirt.org/33492
Reviewed-by: Dan Kenigsberg dan...@redhat.com
Reviewed-by: Federico Simoncelli fsimo...@redhat.com
---
M configure.ac
M vdsm.spec.in
M vdsm/storage/Makefile.am
R vdsm/storage/vdsm-lvm.rules.tpl.in
4 files changed, 52 insertions(+), 3 deletions(-)

Approvals:
  Nir Soffer: Verified
  Federico Simoncelli: Looks good to me, but someone else must approve
  Dan Kenigsberg: Looks good to me, approved



-- 
To view, visit http://gerrit.ovirt.org/33492
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I95f85c7b548b2c058693b20b1fa177714a6e1a10
Gerrit-PatchSet: 8
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Nir Soffer nsof...@redhat.com
Gerrit-Reviewer: Allon Mureinik amure...@redhat.com
Gerrit-Reviewer: Dan Kenigsberg dan...@redhat.com
Gerrit-Reviewer: Federico Simoncelli fsimo...@redhat.com
Gerrit-Reviewer: Francesco Romani from...@redhat.com
Gerrit-Reviewer: Nir Soffer nsof...@redhat.com
Gerrit-Reviewer: Sandro Bonazzola sbona...@redhat.com
Gerrit-Reviewer: automat...@ovirt.org
Gerrit-Reviewer: oVirt Jenkins CI Server
___
vdsm-patches mailing list
vdsm-patches@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/vdsm-patches

Change in vdsm[master]: lvm: Set libvirt image selinux label on block devices backin...

2014-10-01 Thread oVirt Jenkins CI Server

oVirt Jenkins CI Server has posted comments on this change.

Change subject: lvm: Set libvirt image selinux label on block devices backing 
vdsm images
..


Patch Set 8:

Build Failed 

http://jenkins.ovirt.org/job/vdsm_master_create-rpms_merged_test_debug/246/ : 
SUCCESS

http://jenkins.ovirt.org/job/vdsm_master_verify-error-codes_merged/5879/ : 
SUCCESS

http://jenkins.ovirt.org/job/vdsm_master_unit-tests_merged/4039/ : FAILURE

http://jenkins.ovirt.org/job/vdsm_master_create-rpms-el7-x86_64_merged/49/ : 
SUCCESS

http://jenkins.ovirt.org/job/vdsm_master_create-rpms-fc20-x86_64_merged/45/ : 
SUCCESS

http://jenkins.ovirt.org/job/vdsm_master_create-rpms-el6-x86_64_merged/51/ : 
SUCCESS

http://jenkins.ovirt.org/job/vdsm_master_create-rpms-fc21-x86_64_merged/25/ : 
SUCCESS

-- 
To view, visit http://gerrit.ovirt.org/33492
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I95f85c7b548b2c058693b20b1fa177714a6e1a10
Gerrit-PatchSet: 8
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Nir Soffer nsof...@redhat.com
Gerrit-Reviewer: Allon Mureinik amure...@redhat.com
Gerrit-Reviewer: Dan Kenigsberg dan...@redhat.com
Gerrit-Reviewer: Federico Simoncelli fsimo...@redhat.com
Gerrit-Reviewer: Francesco Romani from...@redhat.com
Gerrit-Reviewer: Nir Soffer nsof...@redhat.com
Gerrit-Reviewer: Sandro Bonazzola sbona...@redhat.com
Gerrit-Reviewer: automat...@ovirt.org
Gerrit-Reviewer: oVirt Jenkins CI Server
Gerrit-HasComments: No
___
vdsm-patches mailing list
vdsm-patches@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/vdsm-patches

Change in vdsm[master]: lvm: Set libvirt image selinux label on block devices backin...

2014-09-30 Thread Federico Simoncelli

Federico Simoncelli has posted comments on this change.

Change subject: lvm: Set libvirt image selinux label on block devices backing 
vdsm images
..


Patch Set 4: Code-Review+1

(1 comment)

http://gerrit.ovirt.org/#/c/33492/4/vdsm/storage/vdsm-lvm.rules.in
File vdsm/storage/vdsm-lvm.rules.in:

Line 20: # The libvirt image label is required to allow qemu to access volumes. 
Libvirt
Line 21: # sets this label on volumes when starting a vm, but on recent EL and 
Fedora
Line 22: # releases, the label is lost after refreshing a logical volume, and 
vm get
Line 23: # paused. This rule ensures that the label exist after device changes. 
See
Line 24: # https://bugzilla.redhat.com/1127460
What's the bz of the underlying component?
Line 25: #
Line 26: # TODO: use SECLABEL{selinux}=@LIBVIRT_IMAGE_LABEL@ when this syntax 
is
Line 27: # supported. See https://bugzilla.redhat.com/1015300
Line 28: 


-- 
To view, visit http://gerrit.ovirt.org/33492
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I95f85c7b548b2c058693b20b1fa177714a6e1a10
Gerrit-PatchSet: 4
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Nir Soffer nsof...@redhat.com
Gerrit-Reviewer: Allon Mureinik amure...@redhat.com
Gerrit-Reviewer: Dan Kenigsberg dan...@redhat.com
Gerrit-Reviewer: Federico Simoncelli fsimo...@redhat.com
Gerrit-Reviewer: Francesco Romani from...@redhat.com
Gerrit-Reviewer: Nir Soffer nsof...@redhat.com
Gerrit-Reviewer: automat...@ovirt.org
Gerrit-Reviewer: oVirt Jenkins CI Server
Gerrit-HasComments: Yes
___
vdsm-patches mailing list
vdsm-patches@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/vdsm-patches

Change in vdsm[master]: lvm: Set libvirt image selinux label on block devices backin...

2014-09-30 Thread nsoffer

Nir Soffer has posted comments on this change.

Change subject: lvm: Set libvirt image selinux label on block devices backing 
vdsm images
..


Patch Set 4:

(1 comment)

http://gerrit.ovirt.org/#/c/33492/4/vdsm/storage/vdsm-lvm.rules.in
File vdsm/storage/vdsm-lvm.rules.in:

Line 20: # The libvirt image label is required to allow qemu to access volumes. 
Libvirt
Line 21: # sets this label on volumes when starting a vm, but on recent EL and 
Fedora
Line 22: # releases, the label is lost after refreshing a logical volume, and 
vm get
Line 23: # paused. This rule ensures that the label exist after device changes. 
See
Line 24: # https://bugzilla.redhat.com/1127460
 What's the bz of the underlying component?
That bz does not exists yet, since we don't know what is the underlying 
component responsible for this. I think libvirt is the right component, as they 
manage the label.
Line 25: #
Line 26: # TODO: use SECLABEL{selinux}=@LIBVIRT_IMAGE_LABEL@ when this syntax 
is
Line 27: # supported. See https://bugzilla.redhat.com/1015300
Line 28: 


-- 
To view, visit http://gerrit.ovirt.org/33492
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I95f85c7b548b2c058693b20b1fa177714a6e1a10
Gerrit-PatchSet: 4
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Nir Soffer nsof...@redhat.com
Gerrit-Reviewer: Allon Mureinik amure...@redhat.com
Gerrit-Reviewer: Dan Kenigsberg dan...@redhat.com
Gerrit-Reviewer: Federico Simoncelli fsimo...@redhat.com
Gerrit-Reviewer: Francesco Romani from...@redhat.com
Gerrit-Reviewer: Nir Soffer nsof...@redhat.com
Gerrit-Reviewer: automat...@ovirt.org
Gerrit-Reviewer: oVirt Jenkins CI Server
Gerrit-HasComments: Yes
___
vdsm-patches mailing list
vdsm-patches@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/vdsm-patches

Change in vdsm[master]: lvm: Set libvirt image selinux label on block devices backin...

2014-09-30 Thread Federico Simoncelli

Federico Simoncelli has posted comments on this change.

Change subject: lvm: Set libvirt image selinux label on block devices backing 
vdsm images
..


Patch Set 4:

(1 comment)

http://gerrit.ovirt.org/#/c/33492/4/vdsm/storage/vdsm-lvm.rules.in
File vdsm/storage/vdsm-lvm.rules.in:

Line 20: # The libvirt image label is required to allow qemu to access volumes. 
Libvirt
Line 21: # sets this label on volumes when starting a vm, but on recent EL and 
Fedora
Line 22: # releases, the label is lost after refreshing a logical volume, and 
vm get
Line 23: # paused. This rule ensures that the label exist after device changes. 
See
Line 24: # https://bugzilla.redhat.com/1127460
 That bz does not exists yet, since we don't know what is the underlying com
We have now the bz:

https://bugzilla.redhat.com/show_bug.cgi?id=1147910
Line 25: #
Line 26: # TODO: use SECLABEL{selinux}=@LIBVIRT_IMAGE_LABEL@ when this syntax 
is
Line 27: # supported. See https://bugzilla.redhat.com/1015300
Line 28: 


-- 
To view, visit http://gerrit.ovirt.org/33492
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I95f85c7b548b2c058693b20b1fa177714a6e1a10
Gerrit-PatchSet: 4
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Nir Soffer nsof...@redhat.com
Gerrit-Reviewer: Allon Mureinik amure...@redhat.com
Gerrit-Reviewer: Dan Kenigsberg dan...@redhat.com
Gerrit-Reviewer: Federico Simoncelli fsimo...@redhat.com
Gerrit-Reviewer: Francesco Romani from...@redhat.com
Gerrit-Reviewer: Nir Soffer nsof...@redhat.com
Gerrit-Reviewer: automat...@ovirt.org
Gerrit-Reviewer: oVirt Jenkins CI Server
Gerrit-HasComments: Yes
___
vdsm-patches mailing list
vdsm-patches@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/vdsm-patches

Change in vdsm[master]: lvm: Set libvirt image selinux label on block devices backin...

2014-09-30 Thread nsoffer

Nir Soffer has posted comments on this change.

Change subject: lvm: Set libvirt image selinux label on block devices backing 
vdsm images
..


Patch Set 5: Verified+1

Version 5 fix the comments to refer to the systemd-udevd bug url, and update 
the commit message.

No behavior changes, copying the verified flag.

-- 
To view, visit http://gerrit.ovirt.org/33492
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I95f85c7b548b2c058693b20b1fa177714a6e1a10
Gerrit-PatchSet: 5
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Nir Soffer nsof...@redhat.com
Gerrit-Reviewer: Allon Mureinik amure...@redhat.com
Gerrit-Reviewer: Dan Kenigsberg dan...@redhat.com
Gerrit-Reviewer: Federico Simoncelli fsimo...@redhat.com
Gerrit-Reviewer: Francesco Romani from...@redhat.com
Gerrit-Reviewer: Nir Soffer nsof...@redhat.com
Gerrit-Reviewer: automat...@ovirt.org
Gerrit-Reviewer: oVirt Jenkins CI Server
Gerrit-HasComments: No
___
vdsm-patches mailing list
vdsm-patches@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/vdsm-patches

Change in vdsm[master]: lvm: Set libvirt image selinux label on block devices backin...

2014-09-30 Thread danken

Dan Kenigsberg has posted comments on this change.

Change subject: lvm: Set libvirt image selinux label on block devices backing 
vdsm images
..


Patch Set 5: Code-Review-1

(1 comment)

http://gerrit.ovirt.org/#/c/33492/5/vdsm/storage/vdsm-lvm.rules.in
File vdsm/storage/vdsm-lvm.rules.in:

Line 23: # paused. This rule ensures that the label exist after device changes. 
See
Line 24: # https://bugzilla.redhat.com/1147910
Line 25: #
Line 26: # TODO: use SECLABEL{selinux}=@LIBVIRT_IMAGE_LABEL@ when this syntax 
is
Line 27: # supported. See https://bugzilla.redhat.com/1015300
Only after discussing this with Federico do I realize that this is a security 
issue - it removes sVirt's protection against cross-qemu attacks.

Since the systemd bug is unrelated to el6, this patch has net negative affect 
on el6 (which is still our main platform). Thus, it should not be merged as it 
is now.

For Fedora/EL7 we have two bad options:
* keep thin provisioning broken, until https://bugzilla.redhat.com/1147910 is 
fixed.
* effectively disable svirt. (which can be done in a simpler fashion, I 
suppose, with a libvirtd.conf tweak).
Line 28: 
Line 29: # add event is processed on coldplug only, so we need change, too.
Line 30: ACTION!=add|change, GOTO=lvm_end
Line 31: 


-- 
To view, visit http://gerrit.ovirt.org/33492
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I95f85c7b548b2c058693b20b1fa177714a6e1a10
Gerrit-PatchSet: 5
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Nir Soffer nsof...@redhat.com
Gerrit-Reviewer: Allon Mureinik amure...@redhat.com
Gerrit-Reviewer: Dan Kenigsberg dan...@redhat.com
Gerrit-Reviewer: Federico Simoncelli fsimo...@redhat.com
Gerrit-Reviewer: Francesco Romani from...@redhat.com
Gerrit-Reviewer: Nir Soffer nsof...@redhat.com
Gerrit-Reviewer: automat...@ovirt.org
Gerrit-Reviewer: oVirt Jenkins CI Server
Gerrit-HasComments: Yes
___
vdsm-patches mailing list
vdsm-patches@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/vdsm-patches

Change in vdsm[master]: lvm: Set libvirt image selinux label on block devices backin...

2014-09-30 Thread nsoffer

Nir Soffer has posted comments on this change.

Change subject: lvm: Set libvirt image selinux label on block devices backing 
vdsm images
..


Patch Set 6: Verified+1

This version make this hack configurable, and configure it only on EL7.

The generated rules on other platform has no change, the the generated fules on 
EL7 is same as the previous patch, except changed comment, so still verified.

-- 
To view, visit http://gerrit.ovirt.org/33492
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I95f85c7b548b2c058693b20b1fa177714a6e1a10
Gerrit-PatchSet: 6
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Nir Soffer nsof...@redhat.com
Gerrit-Reviewer: Allon Mureinik amure...@redhat.com
Gerrit-Reviewer: Dan Kenigsberg dan...@redhat.com
Gerrit-Reviewer: Federico Simoncelli fsimo...@redhat.com
Gerrit-Reviewer: Francesco Romani from...@redhat.com
Gerrit-Reviewer: Nir Soffer nsof...@redhat.com
Gerrit-Reviewer: automat...@ovirt.org
Gerrit-Reviewer: oVirt Jenkins CI Server
Gerrit-HasComments: No
___
vdsm-patches mailing list
vdsm-patches@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/vdsm-patches

Change in vdsm[master]: lvm: Set libvirt image selinux label on block devices backin...

2014-09-30 Thread danken

Dan Kenigsberg has posted comments on this change.

Change subject: lvm: Set libvirt image selinux label on block devices backing 
vdsm images
..


Patch Set 6:

(1 comment)

Pretty hack! Hopefully short-lived.

Despite the reduced security, I would like to support thin provisioning on el7 
and Fedora.

http://gerrit.ovirt.org/#/c/33492/6/vdsm.spec.in
File vdsm.spec.in:

Line 39: %if ! 0%{?rhel}
Line 40: %global with_vhostmd 1
Line 41: %endif
Line 42: 
Line 43: %if 0%{?rhel} = 7
we need this also on Fedora, don't we?
Line 44: %global with_chcon_hack 1
Line 45: %endif
Line 46: 
Line 47: %if 0%{?fedora} = 15 || 0%{?rhel} = 7


-- 
To view, visit http://gerrit.ovirt.org/33492
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I95f85c7b548b2c058693b20b1fa177714a6e1a10
Gerrit-PatchSet: 6
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Nir Soffer nsof...@redhat.com
Gerrit-Reviewer: Allon Mureinik amure...@redhat.com
Gerrit-Reviewer: Dan Kenigsberg dan...@redhat.com
Gerrit-Reviewer: Federico Simoncelli fsimo...@redhat.com
Gerrit-Reviewer: Francesco Romani from...@redhat.com
Gerrit-Reviewer: Nir Soffer nsof...@redhat.com
Gerrit-Reviewer: automat...@ovirt.org
Gerrit-Reviewer: oVirt Jenkins CI Server
Gerrit-HasComments: Yes
___
vdsm-patches mailing list
vdsm-patches@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/vdsm-patches

Change in vdsm[master]: lvm: Set libvirt image selinux label on block devices backin...

2014-09-30 Thread nsoffer

Nir Soffer has posted comments on this change.

Change subject: lvm: Set libvirt image selinux label on block devices backing 
vdsm images
..


Patch Set 6:

(1 comment)

http://gerrit.ovirt.org/#/c/33492/6/vdsm.spec.in
File vdsm.spec.in:

Line 39: %if ! 0%{?rhel}
Line 40: %global with_vhostmd 1
Line 41: %endif
Line 42: 
Line 43: %if 0%{?rhel} = 7
 we need this also on Fedora, don't we?
Federico hope that we get a fix soon - I will send one line patch to enable it 
on Fedora tomorrow if needed.

- %if 0%{?rhel} = 7
+ %if 0%{?rhel} = 7 || 0%{?fedora} = 19
Line 44: %global with_chcon_hack 1
Line 45: %endif
Line 46: 
Line 47: %if 0%{?fedora} = 15 || 0%{?rhel} = 7


-- 
To view, visit http://gerrit.ovirt.org/33492
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I95f85c7b548b2c058693b20b1fa177714a6e1a10
Gerrit-PatchSet: 6
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Nir Soffer nsof...@redhat.com
Gerrit-Reviewer: Allon Mureinik amure...@redhat.com
Gerrit-Reviewer: Dan Kenigsberg dan...@redhat.com
Gerrit-Reviewer: Federico Simoncelli fsimo...@redhat.com
Gerrit-Reviewer: Francesco Romani from...@redhat.com
Gerrit-Reviewer: Nir Soffer nsof...@redhat.com
Gerrit-Reviewer: automat...@ovirt.org
Gerrit-Reviewer: oVirt Jenkins CI Server
Gerrit-HasComments: Yes
___
vdsm-patches mailing list
vdsm-patches@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/vdsm-patches

Change in vdsm[master]: lvm: Set libvirt image selinux label on block devices backin...

2014-09-29 Thread nsoffer

Nir Soffer has uploaded a new change for review.

Change subject: lvm: Set libvirt image selinux label on block devices backing 
vdsm images
..

lvm: Set libvirt image selinux label on block devices backing vdsm images

The SELinux sVirt protection for QEMU virtual machines is setup such way
that domain can only access files which are labelled svirt_image_t
label. Libvirt set this label on block devices backing images when
starting a vm.

On Fedora 19, 20 and EL 7, the selinux label on the block device is lost
after refreshing a logical volume. This cause vm to pause. The only way
to use the vm is to shut it down and start it again, which cause libvirt
to setup the selinux label properly.

Practically this issue breaks thin provisioning on block storage on the
effected platforms.

We don't know why the selinux label is lost, and lvm developers claim
that relevant code was not changed recently. This issue may be caused by
lower level components such as device mapper, multipath or iscsi.

This patch adds a temporary solution, by updating vdsm lvm rules to set
the libvirt image selinux label on vdsm images.

Change-Id: I95f85c7b548b2c058693b20b1fa177714a6e1a10
Bug-Url: https://bugzilla.redhat.com/1127460
Signed-off-by: Nir Soffer nsof...@redhat.com
---
M configure.ac
M vdsm/storage/vdsm-lvm.rules.in
2 files changed, 16 insertions(+), 3 deletions(-)


  git pull ssh://gerrit.ovirt.org:29418/vdsm refs/changes/92/33492/1

diff --git a/configure.ac b/configure.ac
index af9db86..a39d9a6 100644
--- a/configure.ac
+++ b/configure.ac
@@ -111,6 +111,9 @@
 )
 AC_SUBST([LIBVIRT_SERVICE_DEFAULT], [${with_libvirt_service_default}])
 
+AC_SUBST([LIBVIRT_IMAGE_LABEL], ['svirt_image_t'])
+
+
 # Users and groups
 AC_SUBST([VDSMUSER], [vdsm])
 AC_SUBST([VDSMGROUP], [kvm])
@@ -245,6 +248,7 @@
 AC_PATH_PROG([BLKID_PATH], [blkid], [/sbin/blkid])
 AC_PATH_PROG([BRCTL_PATH], [brctl], [/usr/sbin/brctl])
 AC_PATH_PROG([CAT_PATH], [cat], [/bin/cat])
+AC_PATH_PROG([CHCON_PATH], [chcon], [/bin/chcon])
 AC_PATH_PROG([CHKCONFIG_PATH], [chkconfig], [/sbin/chkconfig])
 AC_PATH_PROG([CHMOD_PATH], [chmod], [/bin/chmod])
 AC_PATH_PROG([CHOWN_PATH], [chown], [/bin/chown])
diff --git a/vdsm/storage/vdsm-lvm.rules.in b/vdsm/storage/vdsm-lvm.rules.in
index 341278d..dd3e07e 100644
--- a/vdsm/storage/vdsm-lvm.rules.in
+++ b/vdsm/storage/vdsm-lvm.rules.in
@@ -16,14 +16,23 @@
 #   DM_LV_NAME - logical volume name
 #   DM_VG_NAME - volume group name
 #   DM_LV_LAYER - logical volume layer (blank if not set)
+#
+# The libvirt image label is required to allow qemu to access volumes. Libvirt
+# set this label on volumes when starting a vm, but on recent EL and Fedora
+# releases, the label is lost after refreshing a logical volume, and vm get
+# paused. This rule ensures that the label exist after device changes. See
+# https://bugzilla.redhat.com/1127460
+#
+# TODO: use SECLABEL{selinux}=@LIBVIRT_IMAGE_LABEL@ when this syntax is
+# supported. See https://bugzilla.redhat.com/1015300
 
 # add event is processed on coldplug only, so we need change, too.
 ACTION!=add|change, GOTO=lvm_end
 
 # Fix ownership for RHEV volumes
-ENV{DM_VG_NAME}==[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9],
 
ENV{DM_LV_NAME}==[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9],
 OWNER:=@VDSMUSER@, GROUP:=@QEMUGROUP@, GOTO=lvm_end
-ENV{DM_VG_NAME}==[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9],
 
ENV{DM_LV_NAME}==[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9]_MERGE,
 OWNER:=@VDSMUSER@, GROUP:=@QEMUGROUP@, GOTO=lvm_end
-ENV{DM_VG_NAME}==[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9],

Change in vdsm[master]: lvm: Set libvirt image selinux label on block devices backin...

2014-09-29 Thread oVirt Jenkins CI Server

oVirt Jenkins CI Server has posted comments on this change.

Change subject: lvm: Set libvirt image selinux label on block devices backing 
vdsm images
..


Patch Set 1:

Build Successful 

http://jenkins.ovirt.org/job/vdsm_master_unit_tests_gerrit_el/11708/ : SUCCESS

http://jenkins.ovirt.org/job/vdsm_master_unit-tests_created/12652/ : SUCCESS

http://jenkins.ovirt.org/job/vdsm_master_pep8_gerrit/12497/ : SUCCESS

-- 
To view, visit http://gerrit.ovirt.org/33492
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I95f85c7b548b2c058693b20b1fa177714a6e1a10
Gerrit-PatchSet: 1
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Nir Soffer nsof...@redhat.com
Gerrit-Reviewer: Allon Mureinik amure...@redhat.com
Gerrit-Reviewer: Federico Simoncelli fsimo...@redhat.com
Gerrit-Reviewer: automat...@ovirt.org
Gerrit-Reviewer: oVirt Jenkins CI Server
Gerrit-HasComments: No
___
vdsm-patches mailing list
vdsm-patches@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/vdsm-patches

Change in vdsm[master]: lvm: Set libvirt image selinux label on block devices backin...

2014-09-29 Thread nsoffer

Nir Soffer has posted comments on this change.

Change subject: lvm: Set libvirt image selinux label on block devices backing 
vdsm images
..


Patch Set 2: Verified+1

Verified on rhel7 and 6.5 (all tests done when spm was rhel7 or rhel6.5).

- Create and provision vm
- Thin provisioning extend flow
- Create template
- Create vm from template
- Live snapshot
- Live storage migration
- Move disk to another domain
- Delete snapshot
- Delete tempalte
- Delete vm

-- 
To view, visit http://gerrit.ovirt.org/33492
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I95f85c7b548b2c058693b20b1fa177714a6e1a10
Gerrit-PatchSet: 2
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Nir Soffer nsof...@redhat.com
Gerrit-Reviewer: Allon Mureinik amure...@redhat.com
Gerrit-Reviewer: Dan Kenigsberg dan...@redhat.com
Gerrit-Reviewer: Federico Simoncelli fsimo...@redhat.com
Gerrit-Reviewer: Nir Soffer nsof...@redhat.com
Gerrit-Reviewer: automat...@ovirt.org
Gerrit-Reviewer: oVirt Jenkins CI Server
Gerrit-HasComments: No
___
vdsm-patches mailing list
vdsm-patches@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/vdsm-patches

Change in vdsm[master]: lvm: Set libvirt image selinux label on block devices backin...

2014-09-29 Thread fromani

Francesco Romani has posted comments on this change.

Change subject: lvm: Set libvirt image selinux label on block devices backing 
vdsm images
..


Patch Set 2: Code-Review+1

-- 
To view, visit http://gerrit.ovirt.org/33492
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I95f85c7b548b2c058693b20b1fa177714a6e1a10
Gerrit-PatchSet: 2
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Nir Soffer nsof...@redhat.com
Gerrit-Reviewer: Allon Mureinik amure...@redhat.com
Gerrit-Reviewer: Dan Kenigsberg dan...@redhat.com
Gerrit-Reviewer: Federico Simoncelli fsimo...@redhat.com
Gerrit-Reviewer: Francesco Romani from...@redhat.com
Gerrit-Reviewer: Nir Soffer nsof...@redhat.com
Gerrit-Reviewer: automat...@ovirt.org
Gerrit-Reviewer: oVirt Jenkins CI Server
Gerrit-HasComments: No
___
vdsm-patches mailing list
vdsm-patches@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/vdsm-patches

Change in vdsm[master]: lvm: Set libvirt image selinux label on block devices backin...

2014-09-29 Thread danken

Dan Kenigsberg has posted comments on this change.

Change subject: lvm: Set libvirt image selinux label on block devices backing 
vdsm images
..


Patch Set 2:

(1 comment)

http://gerrit.ovirt.org/#/c/33492/2//COMMIT_MSG
Commit Message:

Line 22: We don't know why the selinux label is lost, and lvm developers claim
Line 23: that relevant code was not changed recently. This issue may be caused 
by
Line 24: lower level components such as device mapper, multipath or iscsi.
Line 25: 
Line 26: This patch adds a temporary solution, by updating vdsm lvm rules to set
Can we reproduce the label removal with

  lvchange --refresh

outside the context of vdsm? IPlease open such a BZ and refer to it in this 
commit message. If we do not do that, we would never recall to remove the 
superfluous `chcon` added here.

BTW, can we avoid the chcons on el6 (without adding too much complexity)? It's 
a shame to affect our main platform with plenty of execs that it does not need.
Line 27: the libvirt image selinux label on vdsm images.
Line 28: 
Line 29: Change-Id: I95f85c7b548b2c058693b20b1fa177714a6e1a10
Line 30: Bug-Url: https://bugzilla.redhat.com/1127460


-- 
To view, visit http://gerrit.ovirt.org/33492
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I95f85c7b548b2c058693b20b1fa177714a6e1a10
Gerrit-PatchSet: 2
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Nir Soffer nsof...@redhat.com
Gerrit-Reviewer: Allon Mureinik amure...@redhat.com
Gerrit-Reviewer: Dan Kenigsberg dan...@redhat.com
Gerrit-Reviewer: Federico Simoncelli fsimo...@redhat.com
Gerrit-Reviewer: Francesco Romani from...@redhat.com
Gerrit-Reviewer: Nir Soffer nsof...@redhat.com
Gerrit-Reviewer: automat...@ovirt.org
Gerrit-Reviewer: oVirt Jenkins CI Server
Gerrit-HasComments: Yes
___
vdsm-patches mailing list
vdsm-patches@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/vdsm-patches

Change in vdsm[master]: lvm: Set libvirt image selinux label on block devices backin...

2014-09-29 Thread amureini

Allon Mureinik has posted comments on this change.

Change subject: lvm: Set libvirt image selinux label on block devices backing 
vdsm images
..


Patch Set 2: Code-Review+1

(8 comments)

+1 on the code, see inline grammar comments.

@Nir - did you verify scenarios where SPM what EL7 and the HSM running the VM 
was EL6.5?

http://gerrit.ovirt.org/#/c/33492/2//COMMIT_MSG
Commit Message:

Line 5: CommitDate: 2014-09-29 18:01:31 +0300
Line 6: 
Line 7: lvm: Set libvirt image selinux label on block devices backing vdsm 
images
Line 8: 
Line 9: The SELinux sVirt protection for QEMU virtual machines is setup such way
s/such wat/in such a way/
Line 10: that domain can only access files which are labelled svirt_image_t
Line 11: label. Libvirt set this label on block devices backing images when
Line 12: starting a vm.
Line 13: 


Line 6: 
Line 7: lvm: Set libvirt image selinux label on block devices backing vdsm 
images
Line 8: 
Line 9: The SELinux sVirt protection for QEMU virtual machines is setup such way
Line 10: that domain can only access files which are labelled svirt_image_t
s/domain/a domain/

also, s/files/devices/ no?
Line 11: label. Libvirt set this label on block devices backing images when
Line 12: starting a vm.
Line 13: 
Line 14: On Fedora 19, 20 and EL 7, the selinux label on the block device is 
lost


Line 7: lvm: Set libvirt image selinux label on block devices backing vdsm 
images
Line 8: 
Line 9: The SELinux sVirt protection for QEMU virtual machines is setup such way
Line 10: that domain can only access files which are labelled svirt_image_t
Line 11: label. Libvirt set this label on block devices backing images when
s/set/sets/
Line 12: starting a vm.
Line 13: 
Line 14: On Fedora 19, 20 and EL 7, the selinux label on the block device is 
lost
Line 15: after refreshing a logical volume. This cause vm to pause. The only way


Line 8: 
Line 9: The SELinux sVirt protection for QEMU virtual machines is setup such way
Line 10: that domain can only access files which are labelled svirt_image_t
Line 11: label. Libvirt set this label on block devices backing images when
Line 12: starting a vm.
s/starting/it starts/
Line 13: 
Line 14: On Fedora 19, 20 and EL 7, the selinux label on the block device is 
lost
Line 15: after refreshing a logical volume. This cause vm to pause. The only way
Line 16: to use the vm is to shut it down and start it again, which cause 
libvirt


Line 11: label. Libvirt set this label on block devices backing images when
Line 12: starting a vm.
Line 13: 
Line 14: On Fedora 19, 20 and EL 7, the selinux label on the block device is 
lost
Line 15: after refreshing a logical volume. This cause vm to pause. The only way
s/cause vm/causes the vm/
Line 16: to use the vm is to shut it down and start it again, which cause 
libvirt
Line 17: to setup the selinux label properly.
Line 18: 
Line 19: Practically this issue breaks thin provisioning on block storage on the


Line 12: starting a vm.
Line 13: 
Line 14: On Fedora 19, 20 and EL 7, the selinux label on the block device is 
lost
Line 15: after refreshing a logical volume. This cause vm to pause. The only way
Line 16: to use the vm is to shut it down and start it again, which cause 
libvirt
s/cause/causes/
Line 17: to setup the selinux label properly.
Line 18: 
Line 19: Practically this issue breaks thin provisioning on block storage on the
Line 20: effected platforms.


http://gerrit.ovirt.org/#/c/33492/2/vdsm/storage/vdsm-lvm.rules.in
File vdsm/storage/vdsm-lvm.rules.in:

Line 18: #   DM_LV_LAYER - logical volume layer (blank if not set)
Line 19: #
Line 20: # The libvirt image label is required to allow qemu to access volumes. 
Libvirt
Line 21: # sets this label on volumes when starting a vm, but on recent EL and 
Fedora
Line 22: # releases, the label is lost after refreshing a logical volume, and 
vm get
s/vm get/the vm gets/
Line 23: # paused. This rule ensures that the label exist after device changes. 
See
Line 24: # https://bugzilla.redhat.com/1127460
Line 25: #
Line 26: # TODO: use SECLABEL{selinux}=@LIBVIRT_IMAGE_LABEL@ when this syntax 
is


Line 19: #
Line 20: # The libvirt image label is required to allow qemu to access volumes. 
Libvirt
Line 21: # sets this label on volumes when starting a vm, but on recent EL and 
Fedora
Line 22: # releases, the label is lost after refreshing a logical volume, and 
vm get
Line 23: # paused. This rule ensures that the label exist after device changes. 
See
s/exist/exists/
Line 24: # https://bugzilla.redhat.com/1127460
Line 25: #
Line 26: # TODO: use SECLABEL{selinux}=@LIBVIRT_IMAGE_LABEL@ when this syntax 
is
Line 27: # supported. See https://bugzilla.redhat.com/1015300


-- 
To view, visit http://gerrit.ovirt.org/33492
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I95f85c7b548b2c058693b20b1fa177714a6e1a10
Gerrit-PatchSet: 2
Gerrit-Project: vdsm
Gerrit-Branch:

Change in vdsm[master]: lvm: Set libvirt image selinux label on block devices backin...

2014-09-29 Thread danken

Dan Kenigsberg has posted comments on this change.

Change subject: lvm: Set libvirt image selinux label on block devices backing 
vdsm images
..


Patch Set 2:

(1 comment)

http://gerrit.ovirt.org/#/c/33492/2//COMMIT_MSG
Commit Message:

Line 22: We don't know why the selinux label is lost, and lvm developers claim
Line 23: that relevant code was not changed recently. This issue may be caused 
by
Line 24: lower level components such as device mapper, multipath or iscsi.
Line 25: 
Line 26: This patch adds a temporary solution, by updating vdsm lvm rules to set
 Can we reproduce the label removal with
Maybe libvirt is chcon'ing the device instead of setting a udev rule? In that 
case, the change does not survive further udev triggers.

If this is the case, it's a libvirt bug that should be considered there. (we 
can still hack it in vdsm until they solve it properly)

BTW, why does SElinux context changes matter to qemu? Doesn't it keep an open 
file descriptor?
Line 27: the libvirt image selinux label on vdsm images.
Line 28: 
Line 29: Change-Id: I95f85c7b548b2c058693b20b1fa177714a6e1a10
Line 30: Bug-Url: https://bugzilla.redhat.com/1127460


-- 
To view, visit http://gerrit.ovirt.org/33492
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I95f85c7b548b2c058693b20b1fa177714a6e1a10
Gerrit-PatchSet: 2
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Nir Soffer nsof...@redhat.com
Gerrit-Reviewer: Allon Mureinik amure...@redhat.com
Gerrit-Reviewer: Dan Kenigsberg dan...@redhat.com
Gerrit-Reviewer: Federico Simoncelli fsimo...@redhat.com
Gerrit-Reviewer: Francesco Romani from...@redhat.com
Gerrit-Reviewer: Nir Soffer nsof...@redhat.com
Gerrit-Reviewer: automat...@ovirt.org
Gerrit-Reviewer: oVirt Jenkins CI Server
Gerrit-HasComments: Yes
___
vdsm-patches mailing list
vdsm-patches@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/vdsm-patches

Change in vdsm[master]: lvm: Set libvirt image selinux label on block devices backin...

2014-09-29 Thread nsoffer

Nir Soffer has posted comments on this change.

Change subject: lvm: Set libvirt image selinux label on block devices backing 
vdsm images
..


Patch Set 2:

(2 comments)

Allon: I verified when spm was el7 and el6, when there were two vms, one 
running on the el6 host and one on the el7 host.

http://gerrit.ovirt.org/#/c/33492/2//COMMIT_MSG
Commit Message:

Line 22: We don't know why the selinux label is lost, and lvm developers claim
Line 23: that relevant code was not changed recently. This issue may be caused 
by
Line 24: lower level components such as device mapper, multipath or iscsi.
Line 25: 
Line 26: This patch adds a temporary solution, by updating vdsm lvm rules to set
 Can we reproduce the label removal with
We can easily reproduce this, just chcon and run lvchagne --refresh to loose 
the label.

We can add use el6 specific rule without this - but we can also fix this later. 
It would be nice if we can get this fixed the release this week.
Line 27: the libvirt image selinux label on vdsm images.
Line 28: 
Line 29: Change-Id: I95f85c7b548b2c058693b20b1fa177714a6e1a10
Line 30: Bug-Url: https://bugzilla.redhat.com/1127460


Line 22: We don't know why the selinux label is lost, and lvm developers claim
Line 23: that relevant code was not changed recently. This issue may be caused 
by
Line 24: lower level components such as device mapper, multipath or iscsi.
Line 25: 
Line 26: This patch adds a temporary solution, by updating vdsm lvm rules to set
 Maybe libvirt is chcon'ing the device instead of setting a udev rule? In th
Libvirt does chcon the device - it assumes that the label is never removed, 
which is true on rhel6.

I believe this a platform bug, and should be solved in lower level layers.

I did not checked qemu code, the only effect I know is pausing the vm as it 
cannot read or write any more the volume without the label.
Line 27: the libvirt image selinux label on vdsm images.
Line 28: 
Line 29: Change-Id: I95f85c7b548b2c058693b20b1fa177714a6e1a10
Line 30: Bug-Url: https://bugzilla.redhat.com/1127460


-- 
To view, visit http://gerrit.ovirt.org/33492
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I95f85c7b548b2c058693b20b1fa177714a6e1a10
Gerrit-PatchSet: 2
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Nir Soffer nsof...@redhat.com
Gerrit-Reviewer: Allon Mureinik amure...@redhat.com
Gerrit-Reviewer: Dan Kenigsberg dan...@redhat.com
Gerrit-Reviewer: Federico Simoncelli fsimo...@redhat.com
Gerrit-Reviewer: Francesco Romani from...@redhat.com
Gerrit-Reviewer: Nir Soffer nsof...@redhat.com
Gerrit-Reviewer: automat...@ovirt.org
Gerrit-Reviewer: oVirt Jenkins CI Server
Gerrit-HasComments: Yes
___
vdsm-patches mailing list
vdsm-patches@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/vdsm-patches

Change in vdsm[master]: lvm: Set libvirt image selinux label on block devices backin...

2014-09-29 Thread nsoffer

Nir Soffer has posted comments on this change.

Change subject: lvm: Set libvirt image selinux label on block devices backing 
vdsm images
..


Patch Set 2:

(6 comments)

http://gerrit.ovirt.org/#/c/33492/2//COMMIT_MSG
Commit Message:

Line 5: CommitDate: 2014-09-29 18:01:31 +0300
Line 6: 
Line 7: lvm: Set libvirt image selinux label on block devices backing vdsm 
images
Line 8: 
Line 9: The SELinux sVirt protection for QEMU virtual machines is setup such way
 s/such wat/in such a way/
Done
Line 10: that domain can only access files which are labelled svirt_image_t
Line 11: label. Libvirt set this label on block devices backing images when
Line 12: starting a vm.
Line 13: 


Line 6: 
Line 7: lvm: Set libvirt image selinux label on block devices backing vdsm 
images
Line 8: 
Line 9: The SELinux sVirt protection for QEMU virtual machines is setup such way
Line 10: that domain can only access files which are labelled svirt_image_t
 s/domain/a domain/
Done
Line 11: label. Libvirt set this label on block devices backing images when
Line 12: starting a vm.
Line 13: 
Line 14: On Fedora 19, 20 and EL 7, the selinux label on the block device is 
lost


Line 7: lvm: Set libvirt image selinux label on block devices backing vdsm 
images
Line 8: 
Line 9: The SELinux sVirt protection for QEMU virtual machines is setup such way
Line 10: that domain can only access files which are labelled svirt_image_t
Line 11: label. Libvirt set this label on block devices backing images when
 s/set/sets/
Done
Line 12: starting a vm.
Line 13: 
Line 14: On Fedora 19, 20 and EL 7, the selinux label on the block device is 
lost
Line 15: after refreshing a logical volume. This cause vm to pause. The only way


Line 8: 
Line 9: The SELinux sVirt protection for QEMU virtual machines is setup such way
Line 10: that domain can only access files which are labelled svirt_image_t
Line 11: label. Libvirt set this label on block devices backing images when
Line 12: starting a vm.
 s/starting/it starts/
Done
Line 13: 
Line 14: On Fedora 19, 20 and EL 7, the selinux label on the block device is 
lost
Line 15: after refreshing a logical volume. This cause vm to pause. The only way
Line 16: to use the vm is to shut it down and start it again, which cause 
libvirt


Line 11: label. Libvirt set this label on block devices backing images when
Line 12: starting a vm.
Line 13: 
Line 14: On Fedora 19, 20 and EL 7, the selinux label on the block device is 
lost
Line 15: after refreshing a logical volume. This cause vm to pause. The only way
 s/cause vm/causes the vm/
Done
Line 16: to use the vm is to shut it down and start it again, which cause 
libvirt
Line 17: to setup the selinux label properly.
Line 18: 
Line 19: Practically this issue breaks thin provisioning on block storage on the


Line 12: starting a vm.
Line 13: 
Line 14: On Fedora 19, 20 and EL 7, the selinux label on the block device is 
lost
Line 15: after refreshing a logical volume. This cause vm to pause. The only way
Line 16: to use the vm is to shut it down and start it again, which cause 
libvirt
 s/cause/causes/
Done
Line 17: to setup the selinux label properly.
Line 18: 
Line 19: Practically this issue breaks thin provisioning on block storage on the
Line 20: effected platforms.


-- 
To view, visit http://gerrit.ovirt.org/33492
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I95f85c7b548b2c058693b20b1fa177714a6e1a10
Gerrit-PatchSet: 2
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Nir Soffer nsof...@redhat.com
Gerrit-Reviewer: Allon Mureinik amure...@redhat.com
Gerrit-Reviewer: Dan Kenigsberg dan...@redhat.com
Gerrit-Reviewer: Federico Simoncelli fsimo...@redhat.com
Gerrit-Reviewer: Francesco Romani from...@redhat.com
Gerrit-Reviewer: Nir Soffer nsof...@redhat.com
Gerrit-Reviewer: automat...@ovirt.org
Gerrit-Reviewer: oVirt Jenkins CI Server
Gerrit-HasComments: Yes
___
vdsm-patches mailing list
vdsm-patches@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/vdsm-patches

Change in vdsm[master]: lvm: Set libvirt image selinux label on block devices backin...

2014-09-29 Thread nsoffer

Nir Soffer has posted comments on this change.

Change subject: lvm: Set libvirt image selinux label on block devices backing 
vdsm images
..


Patch Set 3:

Version 3 addresses fixes typos in the commit message.

-- 
To view, visit http://gerrit.ovirt.org/33492
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I95f85c7b548b2c058693b20b1fa177714a6e1a10
Gerrit-PatchSet: 3
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Nir Soffer nsof...@redhat.com
Gerrit-Reviewer: Allon Mureinik amure...@redhat.com
Gerrit-Reviewer: Dan Kenigsberg dan...@redhat.com
Gerrit-Reviewer: Federico Simoncelli fsimo...@redhat.com
Gerrit-Reviewer: Francesco Romani from...@redhat.com
Gerrit-Reviewer: Nir Soffer nsof...@redhat.com
Gerrit-Reviewer: automat...@ovirt.org
Gerrit-Reviewer: oVirt Jenkins CI Server
Gerrit-HasComments: No
___
vdsm-patches mailing list
vdsm-patches@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/vdsm-patches

Change in vdsm[master]: lvm: Set libvirt image selinux label on block devices backin...

2014-09-29 Thread oVirt Jenkins CI Server

oVirt Jenkins CI Server has posted comments on this change.

Change subject: lvm: Set libvirt image selinux label on block devices backing 
vdsm images
..


Patch Set 3:

Build Successful 

http://jenkins.ovirt.org/job/vdsm_master_unit_tests_gerrit_el/11722/ : SUCCESS

http://jenkins.ovirt.org/job/vdsm_master_unit-tests_created/12666/ : SUCCESS

http://jenkins.ovirt.org/job/vdsm_master_pep8_gerrit/12511/ : SUCCESS

-- 
To view, visit http://gerrit.ovirt.org/33492
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I95f85c7b548b2c058693b20b1fa177714a6e1a10
Gerrit-PatchSet: 3
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Nir Soffer nsof...@redhat.com
Gerrit-Reviewer: Allon Mureinik amure...@redhat.com
Gerrit-Reviewer: Dan Kenigsberg dan...@redhat.com
Gerrit-Reviewer: Federico Simoncelli fsimo...@redhat.com
Gerrit-Reviewer: Francesco Romani from...@redhat.com
Gerrit-Reviewer: Nir Soffer nsof...@redhat.com
Gerrit-Reviewer: automat...@ovirt.org
Gerrit-Reviewer: oVirt Jenkins CI Server
Gerrit-HasComments: No
___
vdsm-patches mailing list
vdsm-patches@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/vdsm-patches

Change in vdsm[master]: lvm: Set libvirt image selinux label on block devices backin...

2014-09-29 Thread amureini

Allon Mureinik has posted comments on this change.

Change subject: lvm: Set libvirt image selinux label on block devices backing 
vdsm images
..


Patch Set 3:

please also fix the grammar issues in the inline comment in 
vdsm/storage/vdsm-lvm.rules.in

-- 
To view, visit http://gerrit.ovirt.org/33492
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I95f85c7b548b2c058693b20b1fa177714a6e1a10
Gerrit-PatchSet: 3
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Nir Soffer nsof...@redhat.com
Gerrit-Reviewer: Allon Mureinik amure...@redhat.com
Gerrit-Reviewer: Dan Kenigsberg dan...@redhat.com
Gerrit-Reviewer: Federico Simoncelli fsimo...@redhat.com
Gerrit-Reviewer: Francesco Romani from...@redhat.com
Gerrit-Reviewer: Nir Soffer nsof...@redhat.com
Gerrit-Reviewer: automat...@ovirt.org
Gerrit-Reviewer: oVirt Jenkins CI Server
Gerrit-HasComments: No
___
vdsm-patches mailing list
vdsm-patches@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/vdsm-patches

Change in vdsm[master]: lvm: Set libvirt image selinux label on block devices backin...

2014-09-29 Thread Federico Simoncelli

Federico Simoncelli has posted comments on this change.

Change subject: lvm: Set libvirt image selinux label on block devices backing 
vdsm images
..


Patch Set 3: Code-Review-1

(2 comments)

http://gerrit.ovirt.org/#/c/33492/3/vdsm/storage/vdsm-lvm.rules.in
File vdsm/storage/vdsm-lvm.rules.in:

Line 30: ACTION!=add|change, GOTO=lvm_end
Line 31: 
Line 32: # Fix ownership for RHEV volumes
Line 33: 
ENV{DM_VG_NAME}==[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9],
 
ENV{DM_LV_NAME}==[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9],
 OWNER:=@VDSMUSER@, GROUP:=@QEMUGROUP@, RUN+=@CHCON_PATH@ -t 
@LIBVIRT_IMAGE_LABEL@ $env{DEVNAME}, GOTO=lvm_end
Line 34: 
ENV{DM_VG_NAME}==[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9],
 
ENV{DM_LV_NAME}==[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9]_MERGE,
 OWNER:=@VDSMUSER@, GROUP:=@QEMUGROUP@, RUN+=@CHCON_PATH@ -t 
@LIBVIRT_IMAGE_LABEL@ $env{DEVNAME}, GOTO=lvm_end
This one is never used by qemu.
Line 35: 
ENV{DM_VG_NAME}==[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9],
 
ENV{DM_LV_NAME}==_remove_me_[a-zA-Z0-9][a-zA-Z0-9][a-zA-Z0-9][a-zA-Z0-9][a-zA-Z0-9][a-zA-Z0-9][a-zA-Z0-9][a-zA-Z0-9]_[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9],
 OWNER:=@VDSMUSER@, GROUP:=@QEMUGROUP@, RUN+=@CHCON_PATH@ -t 
@LIBVIRT_IMAGE_LABEL@ $env{DEVNAME}, GOTO=lvm_end
Line 36: 
ENV{DM_VG_NAME}==[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9],
 ENV{DM_LV_NAME}==metadata, MODE:=0600, OWNER:=@VDSMUSER@, 
GROUP:=@QEMUGROUP@, GOTO=lvm_end
Line 37: 
ENV{DM_VG_NAME}==[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9],
 ENV{DM_LV_NAME}==ids, MODE:=0660, OWNER:=@VDSMUSER@, 
GROUP:=@SNLKGROUP@, GOTO=lvm_end
Line 38: 
ENV{DM_VG_NAME}==[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9],
 ENV{DM_LV_NAME}==inbox, MODE:=0600, OWNER:=@VDSMUSER@, 
GROUP:=@QEMUGROUP@, GOTO=lvm_end


Line 31: 
Line 32: # Fix ownership for RHEV volumes
Line 33: 
ENV{DM_VG_NAME}==[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9],
 
ENV{DM_LV_NAME}==[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9],
 OWNER:=@VDSMUSER@, GROUP:=@QEMUGROUP@, RUN+=@CHCON_PATH@ -t 
@LIBVIRT_IMAGE_LABEL@ $env{DEVNAME}, GOTO=lvm_end
Line 34: 
ENV{DM_VG_NAME}==[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9],

Change in vdsm[master]: lvm: Set libvirt image selinux label on block devices backin...

2014-09-29 Thread danken

Dan Kenigsberg has posted comments on this change.

Change subject: lvm: Set libvirt image selinux label on block devices backing 
vdsm images
..


Patch Set 3:

(1 comment)

http://gerrit.ovirt.org/#/c/33492/3//COMMIT_MSG
Commit Message:

Line 22: We don't know why the selinux label is lost, and lvm developers claim
Line 23: that relevant code was not changed recently. This issue may be caused 
by
Line 24: lower level components such as device mapper, multipath or iscsi.
Line 25: 
Line 26: This patch adds a temporary solution, by updating vdsm lvm rules to set
It's either a libvirt bug, or something lower in the stack - but we need a BZ 
open to track this (or else it would be forgotten, or solved without us 
noticing).

It's libvirt's responsibility to set a label that is maintained over refreshes. 
What they currently do is buggy. Please pass the buck when level downwards.
Line 27: the libvirt image selinux label on vdsm images.
Line 28: 
Line 29: Change-Id: I95f85c7b548b2c058693b20b1fa177714a6e1a10
Line 30: Bug-Url: https://bugzilla.redhat.com/1127460


-- 
To view, visit http://gerrit.ovirt.org/33492
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I95f85c7b548b2c058693b20b1fa177714a6e1a10
Gerrit-PatchSet: 3
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Nir Soffer nsof...@redhat.com
Gerrit-Reviewer: Allon Mureinik amure...@redhat.com
Gerrit-Reviewer: Dan Kenigsberg dan...@redhat.com
Gerrit-Reviewer: Federico Simoncelli fsimo...@redhat.com
Gerrit-Reviewer: Francesco Romani from...@redhat.com
Gerrit-Reviewer: Nir Soffer nsof...@redhat.com
Gerrit-Reviewer: automat...@ovirt.org
Gerrit-Reviewer: oVirt Jenkins CI Server
Gerrit-HasComments: Yes
___
vdsm-patches mailing list
vdsm-patches@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/vdsm-patches

Change in vdsm[master]: lvm: Set libvirt image selinux label on block devices backin...

2014-09-29 Thread nsoffer

Nir Soffer has posted comments on this change.

Change subject: lvm: Set libvirt image selinux label on block devices backing 
vdsm images
..


Patch Set 3:

(2 comments)

http://gerrit.ovirt.org/#/c/33492/3/vdsm/storage/vdsm-lvm.rules.in
File vdsm/storage/vdsm-lvm.rules.in:

Line 30: ACTION!=add|change, GOTO=lvm_end
Line 31: 
Line 32: # Fix ownership for RHEV volumes
Line 33: 
ENV{DM_VG_NAME}==[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9],
 
ENV{DM_LV_NAME}==[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9],
 OWNER:=@VDSMUSER@, GROUP:=@QEMUGROUP@, RUN+=@CHCON_PATH@ -t 
@LIBVIRT_IMAGE_LABEL@ $env{DEVNAME}, GOTO=lvm_end
Line 34: 
ENV{DM_VG_NAME}==[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9],
 
ENV{DM_LV_NAME}==[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9]_MERGE,
 OWNER:=@VDSMUSER@, GROUP:=@QEMUGROUP@, RUN+=@CHCON_PATH@ -t 
@LIBVIRT_IMAGE_LABEL@ $env{DEVNAME}, GOTO=lvm_end
 This one is never used by qemu.
Ok
Line 35: 
ENV{DM_VG_NAME}==[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9],
 
ENV{DM_LV_NAME}==_remove_me_[a-zA-Z0-9][a-zA-Z0-9][a-zA-Z0-9][a-zA-Z0-9][a-zA-Z0-9][a-zA-Z0-9][a-zA-Z0-9][a-zA-Z0-9]_[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9],
 OWNER:=@VDSMUSER@, GROUP:=@QEMUGROUP@, RUN+=@CHCON_PATH@ -t 
@LIBVIRT_IMAGE_LABEL@ $env{DEVNAME}, GOTO=lvm_end
Line 36: 
ENV{DM_VG_NAME}==[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9],
 ENV{DM_LV_NAME}==metadata, MODE:=0600, OWNER:=@VDSMUSER@, 
GROUP:=@QEMUGROUP@, GOTO=lvm_end
Line 37: 
ENV{DM_VG_NAME}==[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9],
 ENV{DM_LV_NAME}==ids, MODE:=0660, OWNER:=@VDSMUSER@, 
GROUP:=@SNLKGROUP@, GOTO=lvm_end
Line 38: 
ENV{DM_VG_NAME}==[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9],
 ENV{DM_LV_NAME}==inbox, MODE:=0600, OWNER:=@VDSMUSER@, 
GROUP:=@QEMUGROUP@, GOTO=lvm_end


Line 31: 
Line 32: # Fix ownership for RHEV volumes
Line 33: 
ENV{DM_VG_NAME}==[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9],
 
ENV{DM_LV_NAME}==[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9],
 OWNER:=@VDSMUSER@, GROUP:=@QEMUGROUP@, RUN+=@CHCON_PATH@ -t 
@LIBVIRT_IMAGE_LABEL@ $env{DEVNAME}, GOTO=lvm_end
Line 34: 
ENV{DM_VG_NAME}==[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9]-[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9],

Change in vdsm[master]: lvm: Set libvirt image selinux label on block devices backin...

2014-09-29 Thread amureini

Allon Mureinik has posted comments on this change.

Change subject: lvm: Set libvirt image selinux label on block devices backing 
vdsm images
..


Patch Set 4: Code-Review+1

-- 
To view, visit http://gerrit.ovirt.org/33492
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I95f85c7b548b2c058693b20b1fa177714a6e1a10
Gerrit-PatchSet: 4
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Nir Soffer nsof...@redhat.com
Gerrit-Reviewer: Allon Mureinik amure...@redhat.com
Gerrit-Reviewer: Dan Kenigsberg dan...@redhat.com
Gerrit-Reviewer: Federico Simoncelli fsimo...@redhat.com
Gerrit-Reviewer: Francesco Romani from...@redhat.com
Gerrit-Reviewer: Nir Soffer nsof...@redhat.com
Gerrit-Reviewer: automat...@ovirt.org
Gerrit-Reviewer: oVirt Jenkins CI Server
Gerrit-HasComments: No
___
vdsm-patches mailing list
vdsm-patches@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/vdsm-patches

Change in vdsm[master]: lvm: Set libvirt image selinux label on block devices backin...

2014-09-29 Thread oVirt Jenkins CI Server

oVirt Jenkins CI Server has posted comments on this change.

Change subject: lvm: Set libvirt image selinux label on block devices backing 
vdsm images
..


Patch Set 4:

Build Successful 

http://jenkins.ovirt.org/job/vdsm_master_unit_tests_gerrit_el/11723/ : SUCCESS

http://jenkins.ovirt.org/job/vdsm_master_unit-tests_created/12667/ : SUCCESS

http://jenkins.ovirt.org/job/vdsm_master_pep8_gerrit/12512/ : SUCCESS

-- 
To view, visit http://gerrit.ovirt.org/33492
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I95f85c7b548b2c058693b20b1fa177714a6e1a10
Gerrit-PatchSet: 4
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Nir Soffer nsof...@redhat.com
Gerrit-Reviewer: Allon Mureinik amure...@redhat.com
Gerrit-Reviewer: Dan Kenigsberg dan...@redhat.com
Gerrit-Reviewer: Federico Simoncelli fsimo...@redhat.com
Gerrit-Reviewer: Francesco Romani from...@redhat.com
Gerrit-Reviewer: Nir Soffer nsof...@redhat.com
Gerrit-Reviewer: automat...@ovirt.org
Gerrit-Reviewer: oVirt Jenkins CI Server
Gerrit-HasComments: No
___
vdsm-patches mailing list
vdsm-patches@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/vdsm-patches

Change in vdsm[master]: lvm: Set libvirt image selinux label on block devices backin...

2014-09-29 Thread nsoffer

Nir Soffer has posted comments on this change.

Change subject: lvm: Set libvirt image selinux label on block devices backing 
vdsm images
..


Patch Set 3:

(1 comment)

http://gerrit.ovirt.org/#/c/33492/3//COMMIT_MSG
Commit Message:

Line 22: We don't know why the selinux label is lost, and lvm developers claim
Line 23: that relevant code was not changed recently. This issue may be caused 
by
Line 24: lower level components such as device mapper, multipath or iscsi.
Line 25: 
Line 26: This patch adds a temporary solution, by updating vdsm lvm rules to set
 It's either a libvirt bug, or something lower in the stack - but we need a 
We will open a bug for libvirt.
Line 27: the libvirt image selinux label on vdsm images.
Line 28: 
Line 29: Change-Id: I95f85c7b548b2c058693b20b1fa177714a6e1a10
Line 30: Bug-Url: https://bugzilla.redhat.com/1127460


-- 
To view, visit http://gerrit.ovirt.org/33492
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I95f85c7b548b2c058693b20b1fa177714a6e1a10
Gerrit-PatchSet: 3
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Nir Soffer nsof...@redhat.com
Gerrit-Reviewer: Allon Mureinik amure...@redhat.com
Gerrit-Reviewer: Dan Kenigsberg dan...@redhat.com
Gerrit-Reviewer: Federico Simoncelli fsimo...@redhat.com
Gerrit-Reviewer: Francesco Romani from...@redhat.com
Gerrit-Reviewer: Nir Soffer nsof...@redhat.com
Gerrit-Reviewer: automat...@ovirt.org
Gerrit-Reviewer: oVirt Jenkins CI Server
Gerrit-HasComments: Yes
___
vdsm-patches mailing list
vdsm-patches@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/vdsm-patches

Change in vdsm[master]: lvm: Set libvirt image selinux label on block devices backin...

2014-09-29 Thread nsoffer

Nir Soffer has posted comments on this change.

Change subject: lvm: Set libvirt image selinux label on block devices backing 
vdsm images
..


Patch Set 4: Verified+1

Version 4 addresess Federico comments. 

Verification the same, as some images that are never accessed by qemu were 
labelled before.

-- 
To view, visit http://gerrit.ovirt.org/33492
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I95f85c7b548b2c058693b20b1fa177714a6e1a10
Gerrit-PatchSet: 4
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Nir Soffer nsof...@redhat.com
Gerrit-Reviewer: Allon Mureinik amure...@redhat.com
Gerrit-Reviewer: Dan Kenigsberg dan...@redhat.com
Gerrit-Reviewer: Federico Simoncelli fsimo...@redhat.com
Gerrit-Reviewer: Francesco Romani from...@redhat.com
Gerrit-Reviewer: Nir Soffer nsof...@redhat.com
Gerrit-Reviewer: automat...@ovirt.org
Gerrit-Reviewer: oVirt Jenkins CI Server
Gerrit-HasComments: No
___
vdsm-patches mailing list
vdsm-patches@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/vdsm-patches

Change in vdsm[master]: lvm: Set libvirt image selinux label on block devices backin...

2014-09-29 Thread danken

Dan Kenigsberg has posted comments on this change.

Change subject: lvm: Set libvirt image selinux label on block devices backing 
vdsm images
..


Patch Set 3:

(1 comment)

http://gerrit.ovirt.org/#/c/33492/3//COMMIT_MSG
Commit Message:

Line 22: We don't know why the selinux label is lost, and lvm developers claim
Line 23: that relevant code was not changed recently. This issue may be caused 
by
Line 24: lower level components such as device mapper, multipath or iscsi.
Line 25: 
Line 26: This patch adds a temporary solution, by updating vdsm lvm rules to set
 We will open a bug for libvirt.
Thanks! and mention it the the udev rule text, so that a future developer 
asking himself: Is nonsense this still relevent? would know immediately where 
to look.
Line 27: the libvirt image selinux label on vdsm images.
Line 28: 
Line 29: Change-Id: I95f85c7b548b2c058693b20b1fa177714a6e1a10
Line 30: Bug-Url: https://bugzilla.redhat.com/1127460


-- 
To view, visit http://gerrit.ovirt.org/33492
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I95f85c7b548b2c058693b20b1fa177714a6e1a10
Gerrit-PatchSet: 3
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Nir Soffer nsof...@redhat.com
Gerrit-Reviewer: Allon Mureinik amure...@redhat.com
Gerrit-Reviewer: Dan Kenigsberg dan...@redhat.com
Gerrit-Reviewer: Federico Simoncelli fsimo...@redhat.com
Gerrit-Reviewer: Francesco Romani from...@redhat.com
Gerrit-Reviewer: Nir Soffer nsof...@redhat.com
Gerrit-Reviewer: automat...@ovirt.org
Gerrit-Reviewer: oVirt Jenkins CI Server
Gerrit-HasComments: Yes
___
vdsm-patches mailing list
vdsm-patches@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/vdsm-patches

38 matches

Mail list logo