Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
Bug 1245525 - libvirt should reject metadata elements not belonging to any namespace
libvirt should reject metadata elements not belonging to any namespace
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: libvirt (Show other bugs)
7.2
x86_64 Unspecified
unspecified Severity medium
: rc
: ---
Assigned To: Peter Krempa
Virtualization Bugs
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-07-22 04:47 EDT by zhenfeng wang
Modified: 2016-11-03 14:20 EDT (History)
5 users (show)

See Also:
Fixed In Version: libvirt-1.3.1-1.el7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-11-03 14:20:14 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2016:2577 normal SHIPPED_LIVE Moderate: libvirt security, bug fix, and enhancement update 2016-11-03 08:07:06 EDT

  None (edit)
Description zhenfeng wang 2015-07-22 04:47:45 EDT
Description of problem:
libvirt should reject to configure reduntant metadata element in the guest's xml
while these elements aren't in namespace

Version-Release number of selected component (if applicable):
libvirt-1.2.17-2.el7.x86_64

How reproducible:
100%

Steps
1.Prepare a shutoff guest
# virsh list --all
 Id    Name                           State
----------------------------------------------------
 -     7.0                          shut off

2.Edit guest's xml, add multi same metadata in guest's xml, It will generate many redundant records
in guest's xml
# virsh dumpxml 7.0
--
  <metadata>
    <herp2erp xmlns:foobar="http://foo.bar3/" xmlns:herp2="http://herp.derp/"/>
    <herp2erp xmlns:foobar="http://foo.bar3/" xmlns:herp2="http://herp.derp/"/>
    <herp2erp xmlns:foobar="http://foo.bar3/" xmlns:herp2="http://herp.derp/"/>
    <herp2erp xmlns:foobar="http://foo.bar3/" xmlns:herp2="http://herp.derp/"/>
    <herp2erp xmlns:foobar="http://foo.bar3/" xmlns:herp2="http://herp.derp/"/>
    <herp2erp xmlns:foobar="http://foo.bar3/" xmlns:herp2="http://herp.derp/"/>
    <herp2erp xmlns:foobar="http://foo.bar3/" xmlns:herp2="http://herp.derp/"/>
  </metadata>



Actual results:
Generate the redundant record in guest's xml while configure many same metadatas in guest's xml

Expected results:
libvirt should reject to configure reduntant metadata element in the guest's xml libvirt should reject to configure reduntant metadata element in the guest's xml
Comment 1 Peter Krempa 2015-07-22 04:53:23 EDT
The problem is that the metadata elements don't belong to any namespace, but they should.
Comment 2 Peter Krempa 2015-10-06 07:39:40 EDT
Fixed upstream:

commit 51a4178f24a7a7a88a36915b8b358a8321e3ef58
Author: Peter Krempa <pkrempa@redhat.com>
Date:   Mon Oct 5 09:58:30 2015 +0200

    conf: Remove <metadata> elements with no namespace
    
    Our docs state that subelements of <metadata> shall have a namespace
    and the medatata APIs expect that too. To avoid inaccessible
    <metadata> sub-elements, just remove those that don't conform to the
    documentation.
    
    Apart from adding the new condition this patch renames the function and
    refactors the code flow to allow the changes.
Comment 4 zhenfeng wang 2016-03-25 05:31:25 EDT
Verify this bug with libvirt-1.3.2-1.el7.x86_64
1.Prepare a shutoff guest
# virsh list --all
 Id    Name                           State
----------------------------------------------------
 -     virt-tests-vm3                          shut off

2.Edit guest's xml, add multi same invalid metadata in guest's xml, libvirt will remove the invalid sub-elements from <metadata> element
in guest's xml
# virsh edit virt-tests-vm3
--
  <metadata>
    <herp2erp xmlns:foobar="http://foo.bar3/" xmlns:herp2="http://herp.derp/"/>
    <herp2erp xmlns:foobar="http://foo.bar3/" xmlns:herp2="http://herp.derp/"/>
    <herp2erp xmlns:foobar="http://foo.bar3/" xmlns:herp2="http://herp.derp/"/>
    <herp2erp xmlns:foobar="http://foo.bar3/" xmlns:herp2="http://herp.derp/"/>
    <herp2erp xmlns:foobar="http://foo.bar3/" xmlns:herp2="http://herp.derp/"/>
    <herp2erp xmlns:foobar="http://foo.bar3/" xmlns:herp2="http://herp.derp/"/>
    <herp2erp xmlns:foobar="http://foo.bar3/" xmlns:herp2="http://herp.derp/"/>
  </metadata>

#virsh dumpxml virt-tests-vm3
--
  <metadata/>

3.Edit guest's xml, add multi same valid metadata in guest's xml, save the guest's xml, only 1 record will generated
#virsh edit virt-tests-vm3
--
  <metadata>
<foobar:herp2erp xmlns:foobar="http://foo.bar3/"/>
<foobar:herp2erp xmlns:foobar="http://foo.bar3/"/>
<foobar:herp2erp xmlns:foobar="http://foo.bar3/"/>
<foobar:herp2erp xmlns:foobar="http://foo.bar3/"/>
<foobar:herp2erp xmlns:foobar="http://foo.bar3/"/>
<foobar:herp2erp xmlns:foobar="http://foo.bar3/"/>
<foobar:herp2erp xmlns:foobar="http://foo.bar3/"/>
  </metadata>

#virsh dumpxml virt-tests-vm3
  <metadata>
    <foobar:herp2erp xmlns:foobar="http://foo.bar3/"/>
  </metadata>

4.Do some basic check the metadata command, all command could get expect result.
# virsh metadata virt-tests-vm3 --uri http://foo.bar3/
<herp2erp/>

# virsh metadata virt-tests-vm3 --uri http://foo.bar3/ --edit --key foobar
<herp2erp1/>

# virsh metadata virt-tests-vm3 --uri http://foo.bar3/ 
<herp2erp1/>

# virsh metadata virt-tests-vm3 --uri http://foo.bar3/  --remove
Metadata removed

# virsh metadata virt-tests-vm3 --uri http://foo.bar3/ 
error: metadata not found: Requested metadata element is not present

According to upper steps, mark this bug verified
Comment 7 errata-xmlrpc 2016-11-03 14:20:14 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2016-2577.html

Note You need to log in before you can comment on or make changes to this bug.