1107420 – virt-xml-validate fails when checking a pool xml with space character as name

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1107420 - virt-xml-validate fails when checking a pool xml with space character as name

Summary: virt-xml-validate fails when checking a pool xml with space character as name

Keywords:
Status:	CLOSED DUPLICATE of bug 1475250
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	libvirt
Sub Component:
Version:	7.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	Ján Tomko
QA Contact:	Meina Li
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2014-06-10 02:36 UTC by Shanzhi Yu
Modified:	2018-08-06 12:47 UTC (History)
CC List:	7 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2018-08-06 12:47:58 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Shanzhi Yu 2014-06-10 02:36:31 UTC

Description of problem:

virt-xml-validate should pass when check a pool xml with space character as name

Version-Release number of selected component (if applicable):

libvirt-client-1.1.1-29.el7.x86_64

How reproducible:

100%

Steps to Reproduce:

1. prepare xml file as below

# cat null.xml 
<pool type='dir'>
  <name> </name>
  <source>
  </source>
  <target>
    <path>/var/lib/libvirt/images/null</path>
  </target>
</pool>

2.
# virt-xml-validate null.xml 
null.xml:2: element name: Relax-NG validity error : Error validating datatype string
null.xml:2: element name: Relax-NG validity error : Element name failed to validate content
null.xml:1: element pool: Relax-NG validity error : Invalid sequence in interleave
null.xml:1: element pool: Relax-NG validity error : Element pool failed to validate content
null.xml fails to validate

3. define pool with the xml 

# virsh pool-define null.xml 
Pool   defined from null.xml

# virsh pool-dumpxml " " 
<pool type='dir'>
  <name> </name>
  <uuid>dce10ac7-71b8-4949-ae4b-93e885924e91</uuid>
  <capacity unit='bytes'>0</capacity>
..
</pool>


Actual results:


Expected results:

virt-xml-validate should pass when check a pool xml with space character as name


Additional info:

Comment 1 Peter Krempa 2014-06-10 07:05:13 UTC

On the contrary, we should reject creating such pool in the code. Having a space as a pool name doesn't make much sense.

Comment 2 Shanzhi Yu 2014-06-10 08:03:23 UTC

(In reply to Peter Krempa from comment #1)
> On the contrary, we should reject creating such pool in the code. Having a
> space as a pool name doesn't make much sense.

Should we reject creating volume/guest/network/snapshot..（all objects) with such name? 
Seem libvirt accept whitespce as objects name.


# virsh vol-list " " 
 Name                 Path                                    
------------------------------------------------------------------------------
                      /var/lib/libvirt/images/null2/  
# virsh list 
 Id    Name                           State
----------------------------------------------------
 7                                    running

# virsh net-list --all
 Name                 State      Autostart     Persistent
----------------------------------------------------------
                      inactive   no            yes
# virsh snapshot-create-as 7 " " 
Domain snapshot   created

Comment 3 Eric Blake 2014-06-10 11:40:11 UTC

Pools are abstract, so we control what they are named.  Volumes can come from the filesystem, so we pretty much have to allow anything except for . and .., and probably reject /.  Network names have to match rules for network devices, so that's probably also a place to reject odd names.  Guest names with leading dots are also awkward, as it leads to hidden logs.

One problem is that because we weren't conservative in the beginning about rejecting odd names, people may have already used them.  If we start rejecting it now, and a person upgrades libvirt, then their resource may suddenly stop working - and that's not nice.  We'd have to have a plan in place for back-compat for accessing and renaming any resource whose name is rendered invalid by tightened rules.  On the other hand, tightening rules can be a good thing - just because you CAN use a stupid name with odd characters doesn't mean you SHOULD.

Comment 6 John Ferlan 2015-07-02 14:33:46 UTC

Moving to 7.3

Comment 9 John Ferlan 2016-06-22 15:02:40 UTC

Move to consideration for 7.4

Comment 10 John Ferlan 2018-07-30 18:47:45 UTC

The "original issue" related to virt-xml-validate for storage_pool is no longer an issue because bz1475250 and libvirt commit id '5d7659027' altered the schema from 'genericName' (which didn't allow spaces, but did allow '\n') to one that more closely resembled the domain name processing.

I've posted some patches related to the remaining discussion that will add checking for newly defined/created storage pools, domain names, network names, nwfilter names, secret names, and snapshot names to disallow usage of all "white space" as a name - this includes any combination of "space" and/or "tab" characters as the entire name.

The initial patches do not include similar logic for interfaces or node devices, since those are system based/generated and wouldn't have a name completely composed of white space. I also did not include storage volumes since it's possible someone could have created a file with a name of all white space even though it's a bit unusual or dangerous (and not our problem to solve).

See:
https://www.redhat.com/archives/libvir-list/2018-July/msg02046.html

Comment 11 Ján Tomko 2018-08-06 12:47:58 UTC

As of:
commit 5d7659027fdc34a042af3094d3d02a0d823272c2
Author:     John Ferlan <jferlan>
CommitDate: 2017-10-05 08:10:46 -0400

    docs,rng: Adjust storage pool name grammar checks                                                                                                                
                                                                                                                                               
git describe: v3.8.0-36-g5d7659027f contains: v3.9.0-rc1~230

Space is an allowed character in pool name.

I don't see a compelling reason to prevent the user from using such inconvenient names.

*** This bug has been marked as a duplicate of bug 1475250 ***

Note You need to log in before you can comment on or make changes to this bug.