From 084c04b5bb83030834e3c7d6d89f1748133d5f0e Mon Sep 17 00:00:00 2001 From: Michal Privoznik Date: Fri, 28 Feb 2020 15:36:49 +0100 Subject: [PATCH] qemu_shim: Ignore SIGPIPE I've found that if my virtlogd is socket activated but the daemon doesn't run yet, then the virt-qemu-run is killed right after it tries to start the domain. The problem is that because the default setting is to use virtlogd, the domain create code tries to connect to virtlogd socket, which in turn tries to detect who is connecting (virNetSocketGetUNIXIdentity()) and as a part of it, it will try to open /proc/${PID_OF_SHIM}/stat which is denied by SELinux: type=AVC msg=audit(1582903501.927:323): avc: denied { search } for \ pid=1210 comm="virtlogd" name="1843" dev="proc" ino=37224 \ scontext=system_u:system_r:virtlogd_t:s0-s0:c0.c1023 \ tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=dir \ permissive=0 Virtlogd reacts by closing the connection which the shim sees as SIGPIPE. Since the default response to the signal is Term, we don't even get to reporting any error nor to removing the temporary directory. Signed-off-by: Michal Privoznik Reviewed-by: Andrea Bolognani --- src/qemu/qemu_shim.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/qemu/qemu_shim.c b/src/qemu/qemu_shim.c index fd905825aa..7e87b8fb96 100644 --- a/src/qemu/qemu_shim.c +++ b/src/qemu/qemu_shim.c @@ -150,6 +150,7 @@ int main(int argc, char **argv) signal(SIGINT, qemuShimSigShutdown); signal(SIGQUIT, qemuShimSigShutdown); signal(SIGHUP, qemuShimSigShutdown); + signal(SIGPIPE, SIG_IGN); if (root == NULL) { if (!(root = g_dir_make_tmp("virt-qemu-run-XXXXXX", &error))) {