Bug 639599 - "virt-xml-validate" failed to validate guest domain configuration file if the domain name got a "#" in it .
Summary: "virt-xml-validate" failed to validate guest domain configuration file if the...
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: libvirt
Version: 6.1
Hardware: All
OS: Linux
high
medium
Target Milestone: rc
: ---
Assignee: Peter Krempa
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Keywords:
: 638962 (view as bug list)
Depends On:
Blocks: 645519 GSS_6_2_PROPOSED 747123 727267 747667 756082
TreeView+ depends on / blocked
 
Reported: 2010-10-02 12:38 UTC by Humble Chirammal
Modified: 2018-11-27 21:56 UTC (History)
10 users (show)

(edit)
Cause: 
Schema for the XML files contained stricter rules than those that were actually enforced by libvirt.

Consequence: 
Validation tools failed to validate guest XMLs that contained special characters in guest's name even if libvirt accepted the XML.

Fix:
The XML schema was relaxed to allow arbitrary strings with no limitation leaving the enforcement of rules on the hypervisor driver.

Result:
Users are able to validate that XMLs that are accepted by libvirt comply to the schemas.
Clone Of:
(edit)
Last Closed: 2012-06-20 06:25:27 UTC


Attachments (Terms of Use)
This patch validates the guest domain name even-though it contains "#" in it. (387 bytes, application/octet-stream)
2010-10-03 05:14 UTC, Humble Chirammal
no flags Details


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2012:0748 normal SHIPPED_LIVE Low: libvirt security, bug fix, and enhancement update 2012-06-19 19:31:38 UTC

Description Humble Chirammal 2010-10-02 12:38:29 UTC
Description of problem:

"virt-xml-validate" failed to validate guest domain configuration file if the domain name got a "#" in it .

I am able to start the subjected guest without any issues.

Version-Release number of selected component (if applicable):

Kernel : 2.6.32-44.2.el6.x86_64
Package: libvirt-client-0.8.1-13.el6.x86_64
Arch   : x86_64


How reproducible:

Always

Steps to Reproduce:

1) Start a guest which got "#" in its name .

[root@dhcp210-84 ~]# virsh create /etc/libvirt/qemu/rhel6.xml
Domain rhel6# created from /etc/libvirt/qemu/rhel6.xml


[root@dhcp210-84 ~]# cat /etc/libvirt/qemu/rhel6.xml
<domain type='kvm'>
  <name>rhel6#</name>
  <uuid>93ae9226-70ca-d0e8-ab41-2ebfe2edbf3c</uuid>
  <memory>1048576</memory>
  <currentMemory>1048576</currentMemory>
  <vcpu>2</vcpu>
  <os>
    <type arch='x86_64' machine='pc-0.12'>hvm</type>
    <boot dev='hd'/>
  </os>

******

2)Verified guest is running fine.


[root@dhcp210-84 ~]# virsh list
 Id Name                 State
----------------------------------
  4 RHEL6-64             running
  5 rhel6#               running

[root@dhcp210-84 ~]# 

3) Now, validate guest configuration file by "virt-xml-validate" , we can see below error messages.

[root@dhcp210-84 ~]# virt-xml-validate /etc/libvirt/qemu/rhel6.xml
/etc/libvirt/qemu/rhel6.xml:2: element name: Relax-NG validity error : Error validating datatype string
/etc/libvirt/qemu/rhel6.xml:2: element name: Relax-NG validity error : Element name failed to validate content
/etc/libvirt/qemu/rhel6.xml fails to validate
[root@dhcp210-84 ~]# 

Actual results:

Above error messages are shown in console.

Expected results:

There should not be any error.


--Humble

Comment 4 Humble Chirammal 2010-10-03 05:14:21 UTC
Created attachment 451242 [details]
This patch validates the guest domain name even-though it contains "#" in it.

Comment 5 Dave Allan 2011-03-01 16:42:23 UTC
*** Bug 638962 has been marked as a duplicate of this bug. ***

Comment 6 Dave Allan 2011-03-01 16:46:49 UTC
The domain XML schema should enforce very few, if any, limits on what a domain
can be named.  Any restrictions on name should be enforced by the hypervisor
driver, or, IMO, preferably the hypervisor itself.

Comment 12 Dave Allan 2011-12-16 17:48:20 UTC
(In reply to comment #6)
> The domain XML schema should enforce very few, if any, limits on what a domain
> can be named.  Any restrictions on name should be enforced by the hypervisor
> driver, or, IMO, preferably the hypervisor itself.

I'd favor just removing the checks on name validity, or we should document and enforce our own check so that a domain can't be created with an invalid name, but I could be convinced otherwise.  DV, what's your take on this question?

Comment 13 Eric Blake 2011-12-16 17:55:25 UTC
We do need some reasonable checking; for example, since we create $domname.log, if $domname contains '/' (or worse, consecutive '/'), then it doesn't map well to the file system, and the log file no longer matches the domain name.  But the XML should probably be a lot more permissive, and I don't know if the full restrictions should be implemented per-hypervisor instead of at the generic domain_conf parser.

Comment 15 Dave Allan 2012-01-09 21:50:03 UTC
(In reply to comment #13)
> We do need some reasonable checking; for example, since we create $domname.log,
> if $domname contains '/' (or worse, consecutive '/'), then it doesn't map well
> to the file system, and the log file no longer matches the domain name.  But
> the XML should probably be a lot more permissive, and I don't know if the full
> restrictions should be implemented per-hypervisor instead of at the generic
> domain_conf parser.

That's different from the RNG validation, though, no?

Comment 18 Eric Blake 2012-01-10 15:41:09 UTC
(In reply to comment #15)
> (In reply to comment #13)
> > We do need some reasonable checking; for example, since we create $domname.log,
> > if $domname contains '/' (or worse, consecutive '/'), then it doesn't map well
> > to the file system, and the log file no longer matches the domain name.  But
> > the XML should probably be a lot more permissive, and I don't know if the full
> > restrictions should be implemented per-hypervisor instead of at the generic
> > domain_conf parser.
> 
> That's different from the RNG validation, though, no?

Correct - there's two issues at play:
1. RNG is too strict - the code accepts things that RNG rejects
2. the code is too loose - it accepts things that don't make sense

This BZ is about relaxing RNG.  It is okay if the RNG is looser than the code (that is, if it is too hard to write an RNG pattern that rejects consecutive slashes, then we can have that restriction live in just the code).  In other words, the quickest fix would be to have the RNG accept everything, then worry about tightening the code later (and possibly re-tightening the RNG to match code at that point).

Comment 22 Peter Krempa 2012-01-26 13:45:25 UTC
The XML schema defining contents of the domain name field is relaxed by upstream commit:

commit 8a09ee4103400a47e2b6a763429288533cb8a97b
Author: Peter Krempa <pkrempa@redhat.com>
Date:   Mon Jan 23 18:41:44 2012 +0100

    schema: Relax schema for domain name
    
    The domain schema enforced restrictions on the domain name string that
    the code doesn't. This patch relaxes the check, leaving the restrictions
    on the driver or hypervisor. The only invalid character is a newline.

Comment 25 dyuan 2012-02-15 06:14:52 UTC
Verified PASS with libvirt-0.9.10-1.el6.

# cat /tmp/rhel62.xml 
<domain type='kvm'>
  <name>rhel62!@#$%^*()/\#_+":;'`,.</name>
  <memory>1048576</memory>
  <currentMemory>1048576</currentMemory>
  <vcpu>1</vcpu>
...snip...

# virt-xml-validate /tmp/rhel62.xml 
/tmp/rhel62.xml validates

Comment 26 dyuan 2012-02-15 06:26:16 UTC
For comment 25, only check the patch is okay on relaxing the check.
Definitely, can't start up a domain with the name in comment 25:-)

Comment 27 Peter Krempa 2012-05-02 12:38:35 UTC
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Cause: 
Schema for the XML files contained stricter rules than those that were actually enforced by libvirt.

Consequence: 
Validation tools failed to validate guest XMLs that contained special characters in guest's name even if libvirt accepted the XML.

Fix:
The XML schema was relaxed to allow arbitrary strings with no limitation leaving the enforcement of rules on the hypervisor driver.

Result:
Users are able to validate that XMLs that are accepted by libvirt comply to the schemas.

Comment 29 errata-xmlrpc 2012-06-20 06:25:27 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2012-0748.html


Note You need to log in before you can comment on or make changes to this bug.