Bug 851395 - xml parse error occur after upgrade to the newest package
xml parse error occur after upgrade to the newest package
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: libvirt (Show other bugs)
x86_64 Linux
medium Severity medium
: rc
: ---
Assigned To: Michal Privoznik
Virtualization Bugs
: Regression
Depends On:
Blocks: 822589
  Show dependency treegraph
Reported: 2012-08-24 00:12 EDT by EricLee
Modified: 2013-02-21 02:21 EST (History)
9 users (show)

See Also:
Fixed In Version: libvirt-0.10.0-1.el6
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2013-02-21 02:21:46 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2013:0276 normal SHIPPED_LIVE Moderate: libvirt security, bug fix, and enhancement update 2013-02-20 16:18:26 EST

  None (edit)
Description EricLee 2012-08-24 00:12:45 EDT
In libvirt-0.10.0-0rc1.el6, the guest xml parse is different from old packages.
There is no xml parse error in old packages, but when upgrade packages, can not parse this element, give error in libvirtd.log, and there are guests can not be list with  virsh list --all.


1. Install older package like libvirt-0.10.0-0rc0.el6.x86_64

2. define a guest like:
# virsh dumpxml mig-0
<domain type='kvm'>
  <memory unit='KiB'>1048576</memory>
  <currentMemory unit='KiB'>1048576</currentMemory>
  <vcpu placement='static'>1</vcpu>
    <type arch='x86_64' machine='rhel6.3.0'>hvm</type>
    <boot dev='hd'/>
  <clock offset='utc'/>
    <disk type='file' device='disk'>
      <driver name='qemu' type='raw' cache='none'/>
      <source file='/mnt/nfs/xxxx.img'>
        <seclabel relabel='no'/>
      <target dev='hda' bus='ide'/>
      <address type='drive' controller='0' bus='0' target='0' unit='0'/>
    <controller type='usb' index='0'>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/>
    <controller type='ide' index='0'>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/>
    <controller type='virtio-serial' index='0'>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
    <interface type='network'>
      <mac address='52:54:00:f3:c5:2e'/>
      <source network='default'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
    <serial type='pty'>
      <target port='0'/>
    <console type='pty'>
      <target type='serial' port='0'/>
    <sound model='ich6'>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
      <model type='cirrus' vram='9216' heads='1'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
    <memballoon model='virtio'>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
  <seclabel type='dynamic' relabel='yes'/>

3. Upgrade package to libvirt-0.10.0-0rc1.el6.x86_64 and check the libvirtd.log at the same time.

4. list guests
# virsh list --all
can not list the guest which has xml like above-mentioned.

Actual result
Get error like:
# tail -f /var/log/libvirt/libvirtd.log
2012-08-23 09:51:15.478+0000: 11413: error : virSecurityLabelDefParseXML:3129 : XML error: missing security model
2012-08-23 09:51:15.479+0000: 11413: error : virSecurityDeviceLabelDefParseXML:3230 : XML error: invalid security model

Expect result
No error and works well.

In addition, other packages are all working well using the same guest xml. So setting regression.
Comment 3 EricLee 2012-08-24 02:20:57 EDT
The  "<seclabel type='dynamic' relabel='yes'/>" will cause error in libvirtd.log:

From Bug 822589:

Define a domain with xml:
  <seclabel type='dynamic' relabel='yes'/>

# virsh start libvirt_test_api
Domain libvirt_test_api started

# virsh dumpxml libvirt_test_api

check xml:
  <seclabel type='dynamic' relabel='yes'/>
  <seclabel type='dynamic' model='dac' relabel='yes'>
  <seclabel type='dynamic' model='selinux' relabel='yes'>

After domain started, dac and selinux model seclabel are added, but the seclabel without model also stay.

check in log:
2012-08-24 04:06:34.073+0000: 27164: error : virSecurityLabelDefParseXML:3129 : XML error: missing security model

So the problem maybe due to that bug https://bugzilla.redhat.com/show_bug.cgi?id=822589.
Comment 4 Laine Stump 2012-08-24 16:04:28 EDT
Michal fixed this problem in the following patch pushed upstream (in response comments in Bug 822589, which is tracking the addition of the new feature whose patches caused this regression):

commit 0ee655f5f5ade7cb33e1f93af18c6948591d0fba
Author: Michal Privoznik <mprivozn@redhat.com>
Date:   Fri Aug 24 14:59:59 2012 +0200

    conf: Don't always require security/@model
    Only parse model, if static labelling, or
    a base label is set, or doing active XML.
Comment 6 yanbing du 2012-08-30 05:35:43 EDT
Verify this bug with libvirt-0.10.0-1.el6.x86_64.
Update from 0.10.0-0rc0.el6.x86_64 to libvirt-0.10.0-1.el6.x86_64, the old guest still keep its status and no xml parse error.
So move to VERIFIED.
Comment 7 errata-xmlrpc 2013-02-21 02:21:46 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.