Bug 851395

Summary: xml parse error occur after upgrade to the newest package
Product: Red Hat Enterprise Linux 6 Reporter: EricLee <bili>
Component: libvirtAssignee: Michal Privoznik <mprivozn>
Status: CLOSED ERRATA QA Contact: Virtualization Bugs <virt-bugs>
Severity: medium Docs Contact:
Priority: medium    
Version: 6.4CC: acathrow, dyasny, dyuan, gsun, mzhan, rwu, weizhan, whuang, ydu
Target Milestone: rcKeywords: Regression
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: libvirt-0.10.0-1.el6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-02-21 07:21:46 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 822589    

Description EricLee 2012-08-24 04:12:45 UTC
Description
In libvirt-0.10.0-0rc1.el6, the guest xml parse is different from old packages.
There is no xml parse error in old packages, but when upgrade packages, can not parse this element, give error in libvirtd.log, and there are guests can not be list with  virsh list --all.

version
libvirt-0.10.0-0rc1.el6.x86_64

Steps
1. Install older package like libvirt-0.10.0-0rc0.el6.x86_64

2. define a guest like:
# virsh dumpxml mig-0
<domain type='kvm'>
  <name>mig-0</name>
  <uuid>4926ef97-bbe3-b831-6dec-9611156ecdbf</uuid>
  <memory unit='KiB'>1048576</memory>
  <currentMemory unit='KiB'>1048576</currentMemory>
  <vcpu placement='static'>1</vcpu>
  <os>
    <type arch='x86_64' machine='rhel6.3.0'>hvm</type>
    <boot dev='hd'/>
  </os>
  <features>
    <acpi/>
    <apic/>
    <pae/>
  </features>
  <clock offset='utc'/>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>restart</on_crash>
  <devices>
    <emulator>/usr/libexec/qemu-kvm</emulator>
    <disk type='file' device='disk'>
      <driver name='qemu' type='raw' cache='none'/>
      <source file='/mnt/nfs/xxxx.img'>
        <seclabel relabel='no'/>
      </source>
      <target dev='hda' bus='ide'/>
      <address type='drive' controller='0' bus='0' target='0' unit='0'/>
    </disk>
    <controller type='usb' index='0'>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/>
    </controller>
    <controller type='ide' index='0'>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/>
    </controller>
    <controller type='virtio-serial' index='0'>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
    </controller>
    <interface type='network'>
      <mac address='52:54:00:f3:c5:2e'/>
      <source network='default'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
    </interface>
    <serial type='pty'>
      <target port='0'/>
    </serial>
    <console type='pty'>
      <target type='serial' port='0'/>
    </console>
    <sound model='ich6'>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
    </sound>
    <video>
      <model type='cirrus' vram='9216' heads='1'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
    </video>
    <memballoon model='virtio'>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
    </memballoon>
  </devices>
  <seclabel type='dynamic' relabel='yes'/>
</domain>

3. Upgrade package to libvirt-0.10.0-0rc1.el6.x86_64 and check the libvirtd.log at the same time.

4. list guests
# virsh list --all
can not list the guest which has xml like above-mentioned.

Actual result
Get error like:
# tail -f /var/log/libvirt/libvirtd.log
.....
2012-08-23 09:51:15.478+0000: 11413: error : virSecurityLabelDefParseXML:3129 : XML error: missing security model
2012-08-23 09:51:15.479+0000: 11413: error : virSecurityDeviceLabelDefParseXML:3230 : XML error: invalid security model
.....

Expect result
No error and works well.

In addition, other packages are all working well using the same guest xml. So setting regression.

Comment 3 EricLee 2012-08-24 06:20:57 UTC
The  "<seclabel type='dynamic' relabel='yes'/>" will cause error in libvirtd.log:

From Bug 822589:

Define a domain with xml:
...
  <seclabel type='dynamic' relabel='yes'/>
...

# virsh start libvirt_test_api
Domain libvirt_test_api started

# virsh dumpxml libvirt_test_api

check xml:
...
  <seclabel type='dynamic' relabel='yes'/>
  <seclabel type='dynamic' model='dac' relabel='yes'>
    <label>107:107</label>
    <imagelabel>107:107</imagelabel>
  </seclabel>
  <seclabel type='dynamic' model='selinux' relabel='yes'>
    <label>unconfined_u:system_r:svirt_t:s0:c39,c243</label>
    <imagelabel>unconfined_u:object_r:svirt_image_t:s0:c39,c243</imagelabel>
  </seclabel>
...

After domain started, dac and selinux model seclabel are added, but the seclabel without model also stay.

check in log:
2012-08-24 04:06:34.073+0000: 27164: error : virSecurityLabelDefParseXML:3129 : XML error: missing security model

So the problem maybe due to that bug https://bugzilla.redhat.com/show_bug.cgi?id=822589.

Comment 4 Laine Stump 2012-08-24 20:04:28 UTC
Michal fixed this problem in the following patch pushed upstream (in response comments in Bug 822589, which is tracking the addition of the new feature whose patches caused this regression):

commit 0ee655f5f5ade7cb33e1f93af18c6948591d0fba
Author: Michal Privoznik <mprivozn>
Date:   Fri Aug 24 14:59:59 2012 +0200

    conf: Don't always require security/@model
    
    Only parse model, if static labelling, or
    a base label is set, or doing active XML.

Comment 6 yanbing du 2012-08-30 09:35:43 UTC
Verify this bug with libvirt-0.10.0-1.el6.x86_64.
Update from 0.10.0-0rc0.el6.x86_64 to libvirt-0.10.0-1.el6.x86_64, the old guest still keep its status and no xml parse error.
So move to VERIFIED.

Comment 7 errata-xmlrpc 2013-02-21 07:21:46 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0276.html