RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 851395 - xml parse error occur after upgrade to the newest package
Summary: xml parse error occur after upgrade to the newest package
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: libvirt
Version: 6.4
Hardware: x86_64
OS: Linux
medium
medium
Target Milestone: rc
: ---
Assignee: Michal Privoznik
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Depends On:
Blocks: 822589
TreeView+ depends on / blocked
 
Reported: 2012-08-24 04:12 UTC by EricLee
Modified: 2013-02-21 07:21 UTC (History)
9 users (show)

Fixed In Version: libvirt-0.10.0-1.el6
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-02-21 07:21:46 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2013:0276 0 normal SHIPPED_LIVE Moderate: libvirt security, bug fix, and enhancement update 2013-02-20 21:18:26 UTC

Description EricLee 2012-08-24 04:12:45 UTC
Description
In libvirt-0.10.0-0rc1.el6, the guest xml parse is different from old packages.
There is no xml parse error in old packages, but when upgrade packages, can not parse this element, give error in libvirtd.log, and there are guests can not be list with  virsh list --all.

version
libvirt-0.10.0-0rc1.el6.x86_64

Steps
1. Install older package like libvirt-0.10.0-0rc0.el6.x86_64

2. define a guest like:
# virsh dumpxml mig-0
<domain type='kvm'>
  <name>mig-0</name>
  <uuid>4926ef97-bbe3-b831-6dec-9611156ecdbf</uuid>
  <memory unit='KiB'>1048576</memory>
  <currentMemory unit='KiB'>1048576</currentMemory>
  <vcpu placement='static'>1</vcpu>
  <os>
    <type arch='x86_64' machine='rhel6.3.0'>hvm</type>
    <boot dev='hd'/>
  </os>
  <features>
    <acpi/>
    <apic/>
    <pae/>
  </features>
  <clock offset='utc'/>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>restart</on_crash>
  <devices>
    <emulator>/usr/libexec/qemu-kvm</emulator>
    <disk type='file' device='disk'>
      <driver name='qemu' type='raw' cache='none'/>
      <source file='/mnt/nfs/xxxx.img'>
        <seclabel relabel='no'/>
      </source>
      <target dev='hda' bus='ide'/>
      <address type='drive' controller='0' bus='0' target='0' unit='0'/>
    </disk>
    <controller type='usb' index='0'>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/>
    </controller>
    <controller type='ide' index='0'>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/>
    </controller>
    <controller type='virtio-serial' index='0'>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
    </controller>
    <interface type='network'>
      <mac address='52:54:00:f3:c5:2e'/>
      <source network='default'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
    </interface>
    <serial type='pty'>
      <target port='0'/>
    </serial>
    <console type='pty'>
      <target type='serial' port='0'/>
    </console>
    <sound model='ich6'>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
    </sound>
    <video>
      <model type='cirrus' vram='9216' heads='1'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
    </video>
    <memballoon model='virtio'>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
    </memballoon>
  </devices>
  <seclabel type='dynamic' relabel='yes'/>
</domain>

3. Upgrade package to libvirt-0.10.0-0rc1.el6.x86_64 and check the libvirtd.log at the same time.

4. list guests
# virsh list --all
can not list the guest which has xml like above-mentioned.

Actual result
Get error like:
# tail -f /var/log/libvirt/libvirtd.log
.....
2012-08-23 09:51:15.478+0000: 11413: error : virSecurityLabelDefParseXML:3129 : XML error: missing security model
2012-08-23 09:51:15.479+0000: 11413: error : virSecurityDeviceLabelDefParseXML:3230 : XML error: invalid security model
.....

Expect result
No error and works well.

In addition, other packages are all working well using the same guest xml. So setting regression.

Comment 3 EricLee 2012-08-24 06:20:57 UTC
The  "<seclabel type='dynamic' relabel='yes'/>" will cause error in libvirtd.log:

From Bug 822589:

Define a domain with xml:
...
  <seclabel type='dynamic' relabel='yes'/>
...

# virsh start libvirt_test_api
Domain libvirt_test_api started

# virsh dumpxml libvirt_test_api

check xml:
...
  <seclabel type='dynamic' relabel='yes'/>
  <seclabel type='dynamic' model='dac' relabel='yes'>
    <label>107:107</label>
    <imagelabel>107:107</imagelabel>
  </seclabel>
  <seclabel type='dynamic' model='selinux' relabel='yes'>
    <label>unconfined_u:system_r:svirt_t:s0:c39,c243</label>
    <imagelabel>unconfined_u:object_r:svirt_image_t:s0:c39,c243</imagelabel>
  </seclabel>
...

After domain started, dac and selinux model seclabel are added, but the seclabel without model also stay.

check in log:
2012-08-24 04:06:34.073+0000: 27164: error : virSecurityLabelDefParseXML:3129 : XML error: missing security model

So the problem maybe due to that bug https://bugzilla.redhat.com/show_bug.cgi?id=822589.

Comment 4 Laine Stump 2012-08-24 20:04:28 UTC
Michal fixed this problem in the following patch pushed upstream (in response comments in Bug 822589, which is tracking the addition of the new feature whose patches caused this regression):

commit 0ee655f5f5ade7cb33e1f93af18c6948591d0fba
Author: Michal Privoznik <mprivozn>
Date:   Fri Aug 24 14:59:59 2012 +0200

    conf: Don't always require security/@model
    
    Only parse model, if static labelling, or
    a base label is set, or doing active XML.

Comment 6 yanbing du 2012-08-30 09:35:43 UTC
Verify this bug with libvirt-0.10.0-1.el6.x86_64.
Update from 0.10.0-0rc0.el6.x86_64 to libvirt-0.10.0-1.el6.x86_64, the old guest still keep its status and no xml parse error.
So move to VERIFIED.

Comment 7 errata-xmlrpc 2013-02-21 07:21:46 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0276.html


Note You need to log in before you can comment on or make changes to this bug.