Entering freeze for libvirt-9.1.0

Jiri Denemark jdenemar at redhat.com
Thu Feb 23 09:25:28 UTC 2023


On Wed, Feb 22, 2023 at 17:02:48 +0100, Stefano Brivio wrote:
> On Wed, 22 Feb 2023 15:23:04 +0100
> Jiri Denemark <jdenemar at redhat.com> wrote:
> 
> > I have just tagged v9.1.0-rc1 in the repository and pushed signed
> > tarballs and source RPMs to https://libvirt.org/sources/
> > 
> > Please give the release candidate some testing and in case you find a
> > serious issue which should have a fix in the upcoming release, feel
> > free to reply to this thread to make sure the issue is more visible.
> 
> The "passt" network back-end is entirely non-functional on distributions
> shipping with SELinux: the binary helper can't be executed. The
> 'virsh start' command reports:
> 
>   error: internal error: Could not start 'passt': libvirt:  error : cannot execute binary /usr/bin/passt: Permission denied
> 
> and the guest doesn't start. This is on Fedora 37, but it should be
> universally reproducible.
> 
> I provided more details on the thread at:
>   https://listman.redhat.com/archives/libvir-list/2023-February/238096.html
> 
> This is the relevant snippet from my domain XML file:
> 
>     <interface type='user'>
>       <mac address='52:54:00:36:21:6f'/>
>       <model type='virtio'/>
>       <backend type='passt'/>
>       <address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/>
>     </interface>

Yes, this is quite unfortunate, but there are even distributions that do
not ship SELinux. And this is not a regression since 9.0.0, is it? As
we're in freeze for the 9.1.0 release, reasonable bug fixes considered
safe (as in the chance for them to break more than they are fixing is
considered low) are welcome. But if, e.g., a patch (series), even though
being a bug fix, contains a nontrivial refactor, it should really wait
until after the release. Unless it's fixing a critical bug.

That said, if this can reasonably be fixed without risking other issues
before the release, we can do so. But otherwise since this is a new
functionality and SELinux is not present in all distributions, there's
no reason to push something big and risky at the last moment or delay
the release because of this issue. We don't do this for AppArmor either.

Jirka

