[libvirt] preview comments

Gene Czarcinski gene at czarc.net
Thu Jul 9 14:45:50 UTC 2009 

I am currently running the set of "preview" packages:
-------------------
libvirt.x86_64                      0.6.5-1.fc11                  @rawvirt      
libvirt-python.x86_64               0.6.5-1.fc11                  @rawvirt      
qemu.x86_64                         2:0.10.50-8.kvm87.fc11        @rawvirt      
qemu-common.x86_64                  2:0.10.50-8.kvm87.fc11        @rawvirt      
qemu-img.x86_64                     2:0.10.50-8.kvm87.fc11        @rawvirt      
qemu-kvm.x86_64                     2:0.10.50-8.kvm87.fc11        @rawvirt      
qemu-system-arm.x86_64              2:0.10.50-8.kvm87.fc11        @rawvirt      
qemu-system-cris.x86_64             2:0.10.50-8.kvm87.fc11        @rawvirt      
qemu-system-m68k.x86_64             2:0.10.50-8.kvm87.fc11        @rawvirt      
qemu-system-mips.x86_64             2:0.10.50-8.kvm87.fc11        @rawvirt      
qemu-system-ppc.x86_64              2:0.10.50-8.kvm87.fc11        @rawvirt      
qemu-system-sh4.x86_64              2:0.10.50-8.kvm87.fc11        @rawvirt      
qemu-system-sparc.x86_64            2:0.10.50-8.kvm87.fc11        @rawvirt      
qemu-system-x86.x86_64              2:0.10.50-8.kvm87.fc11        @rawvirt      
qemu-user.x86_64                    2:0.10.50-8.kvm87.fc11        @rawvirt
--------------------------------------------
So far I have been very pleased!  Not only does it work but it scratches my 
itch on how file contexts are handled ... when a guest begins to run, the 
context is set and when it stops, the context is restored.  I notice this is 
not only being done for not only for ISO image files but for logical volumes 
also.  Very good!

However (you knew this was coming), I have found an undesirable characteristic 
(commonly called a bug) which I will be reporting to bugzilla.

The problem occurs if two or more guests are sharing a file such as an ISO 
image file (which should be perfectly reasonable to share).  The 
"virt_content_t" context is set when the first guest starts running and the 
additional guests will use that.  However, when one of these guests stops 
running, the context is reset which will block the file from the other guests.

I suspect a simply implementation was used which uses restorecon to reset the 
file's context when a guest stops.  Unfortunately, I believe that the "fix" is 
going to be a lot more difficult and complex to implement.

However, if it does take some time to fix, I still prefer the new way where file 
contexts are restored even if there is a known problem which, for right now 
means that for running multiple guests using the same file it is "don't do 
that".

Gene

More information about the libvir-list mailing list