qemu_shim: Ignore SIGPIPE

I've found that if my virtlogd is socket activated but the daemon
doesn't run yet, then the virt-qemu-run is killed right after it
tries to start the domain. The problem is that because the default
setting is to use virtlogd, the domain create code tries to
connect to virtlogd socket, which in turn tries to detect who is
connecting (virNetSocketGetUNIXIdentity()) and as a part of it,
it will try to open /proc/${PID_OF_SHIM}/stat which is denied by
SELinux:

  type=AVC msg=audit(1582903501.927:323): avc:  denied  { search } for  \
  pid=1210 comm="virtlogd" name="1843" dev="proc" ino=37224 \
  scontext=system_u:system_r:virtlogd_t:s0-s0:c0.c1023 \
  tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=dir \
  permissive=0

Virtlogd reacts by closing the connection which the shim sees as
SIGPIPE. Since the default response to the signal is Term, we
don't even get to reporting any error nor to removing the
temporary directory.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
This commit is contained in:
Michal Privoznik 2020-02-28 15:36:49 +01:00
parent 63af64d78d
commit 084c04b5bb

View File

@ -150,6 +150,7 @@ int main(int argc, char **argv)
signal(SIGINT, qemuShimSigShutdown);
signal(SIGQUIT, qemuShimSigShutdown);
signal(SIGHUP, qemuShimSigShutdown);
signal(SIGPIPE, SIG_IGN);
if (root == NULL) {
if (!(root = g_dir_make_tmp("virt-qemu-run-XXXXXX", &error))) {