RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 888748 - [RFE] Perform RNG schema validation on XML definitions
Summary: [RFE] Perform RNG schema validation on XML definitions
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: libvirt
Version: 7.0
Hardware: x86_64
OS: Linux
low
low
Target Milestone: rc
: ---
Assignee: Jiri Denemark
QA Contact: Virtualization Bugs
URL:
Whiteboard:
: 1046516 (view as bug list)
Depends On:
Blocks: 807834 1252514
TreeView+ depends on / blocked
 
Reported: 2012-12-19 12:03 UTC by weizhang
Modified: 2016-04-26 14:21 UTC (History)
13 users (show)

Fixed In Version: libvirt-1.2.15-2.el7
Doc Type: Rebase: Bug Fixes and Enhancements
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-11-19 05:36:24 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2015:2202 0 normal SHIPPED_LIVE libvirt bug fix and enhancement update 2015-11-19 08:17:58 UTC

Description weizhang 2012-12-19 12:03:46 UTC 
Description of problem:
when edit domain by adding
  <pm>
    <suspend-to-disk enable='no'/>        <= should be "enabled"
    <suspend-to-mem enable='yes'/>        <= should be "enabled"
  </pm>

and save, there is no check like
Failed. Try again? [y,n,f,?]

and the this part will be removed directly
also find the same problem for seclabel


Version-Release number of selected component (if applicable):
libvirt-0.10.2-12.el6.x86_64

How reproducible:
100%

Steps to Reproduce:
edit guest by adding
  <pm>
    <suspend-to-disk enable='no'/>
    <suspend-to-mem enable='yes'/>
  </pm>

and save
  
Actual results:
xml saved without prompt failed

Expected results:
xml tell the error Location and prompt
Failed. Try again? [y,n,f,?]


Additional info:
Comment 1 Daniel Berrangé 2012-12-19 12:26:18 UTC 
The XML parsers in libvirt are only able to report errors for attributes that they actually know about. This type of problem you describe is only solvable by doing RNG schema validation. This is an age old request. We basically need to make virDomainDefineXML (and similar APIs) have a VIR_DOMAIN_XML_VALIDATE flag to let virsh request the libvirt perform schema validation.

virsh can't do this directly, because it may be connecting to a remote libvirtd, which has different RNG versions than virsh has locally.
Comment 3 Jiri Denemark 2013-12-03 08:58:06 UTC 
*** Bug 1037454 has been marked as a duplicate of this bug. ***
Comment 4 EricLee 2013-12-25 03:43:39 UTC 
We are not sure how this bug will be fixed, but we found other problem like this also like bug 1037454:
Libvirt will ignore invalid elements when define or edit.

1. edit a defined guest to add removable='on' or removable='off' to a usb disk.
   # virsh edit rhel7
...
    <disk type='file' device='disk'>
      <driver name='qemu' type='raw' cache='none'/>
      <source file='/var/lib/libvirt/images/t2.img'/>
      <target dev='sdc' bus='usb' removable='on/off'/>
    </disk>
...

and save successfully.

2. but dumpxml can not see the removeable element, that means libvirt ignore the modification.

3. define a new guest with disk:
    <disk type='file' device='disk'>
      <driver name='qemu' type='raw' cache='none'/>
      <source file='/var/lib/libvirt/images/t2.img'/>
      <target dev='sdc' bus='usb' removable='on/off'/>
    </disk>

define successfully, but dumpxml still can not see removable element in it.

But there is conflict from virt-xml-validate:
# virt-xml-validate rt.xml
Relax-NG validity error : Extra element devices in interleave
rt.xml:19: element devices: Relax-NG validity error : Element domain failed to validate content
rt.xml fails to validate

Just for this element, I can see ""removable" attribute value since 1.1.3" from libvirt.org, that means upstream is supporting now, but in downstream not.

Not just for this element, anyone else for example adding test='test' also has the same work flow.
Comment 5 Peter Krempa 2014-01-06 09:56:33 UTC 
*** Bug 1046516 has been marked as a duplicate of this bug. ***
Comment 7 Jiri Denemark 2014-09-02 13:39:59 UTC 
(In reply to Daniel Berrange from comment #1)
> The XML parsers in libvirt are only able to report errors for attributes
> that they actually know about. This type of problem you describe is only
> solvable by doing RNG schema validation. This is an age old request. We
> basically need to make virDomainDefineXML (and similar APIs) have a
> VIR_DOMAIN_XML_VALIDATE flag to let virsh request the libvirt perform schema
> validation.

Actually, making validation optional with VIR_DOMAIN_XML_VALIDATE would require creating lots of new APIs since most of *DefineXML API do not support flags. I think we could always validate the XMLs passed to *DefineXML APIs. Do know any reason why we should not make validation mandatory?
Comment 8 Daniel Berrangé 2014-09-02 13:47:32 UTC 
(In reply to Jiri Denemark from comment #7)
> (In reply to Daniel Berrange from comment #1)
> > The XML parsers in libvirt are only able to report errors for attributes
> > that they actually know about. This type of problem you describe is only
> > solvable by doing RNG schema validation. This is an age old request. We
> > basically need to make virDomainDefineXML (and similar APIs) have a
> > VIR_DOMAIN_XML_VALIDATE flag to let virsh request the libvirt perform schema
> > validation.
> 
> Actually, making validation optional with VIR_DOMAIN_XML_VALIDATE would
> require creating lots of new APIs since most of *DefineXML API do not
> support flags. I think we could always validate the XMLs passed to
> *DefineXML APIs. Do know any reason why we should not make validation
> mandatory?

I can't think of any application I know that is careful enough to ensure they don't pass new XML elements/attributes to older libvirt versions. Until we added the virDomainGetCapabilities() API we didn't even provide apps enough info to tell what features the libvirt they use supports. Even now we have that API, we don't expose enough info in it yet for apps to be able to rely on it to see what XML they can pass. So making schema validation mandatory will almost certainly break the majority of libvirt applications.
Comment 9 Jiri Denemark 2014-09-02 14:01:23 UTC 
Oh right, in that case we need to provide new *DefineXML APIs with flags. Sigh.
Comment 12 Fangge Jin 2015-08-04 03:31:47 UTC 
I can reproduce this bug on build libvirt-1.1.1-29.el7.x86_64

Verify this bug on build libvirt-1.2.17-3.el7.x86_64

Scenario 1: virsh edit
Edit the guest xml as below:
<pm>
<suspend-to-disk enable='no'/>
<suspend-to-mem enable='yes'/>
</pm>

1) # virsh edit mig2
    error: XML document failed to validate against schema: Unable to validate doc against /usr/share/libvirt/schemas/domain.rng
    Extra element pm in interleave
    Element domain failed to validate content

Failed. Try again? [y,n,i,f,?]:

2) # virsh edit mig2 --skip-validate
Domain mig2 XML configuration edited.


Scenario 2: virsh define
Prepare a guest xml as below:
<pm>
<suspend-to-disk enable='no'/>
<suspend-to-mem enable='yes'/>
</pm>

1) # virsh define mig2.xml --validate
error: Failed to define domain from mig2.xml
error: XML document failed to validate against schema: Unable to validate doc against /usr/share/libvirt/schemas/domain.rng
Extra element pm in interleave
Element domain failed to validate content

2) # virsh define mig2.xml
Domain mig2 defined from mig2.xml


Scenario 3: virsh create
Prepare a guest xml as below:
<pm>
<suspend-to-disk enable='no'/>
<suspend-to-mem enable='yes'/>
</pm>

1) # virsh create mig2.xml --validate
error: Failed to create domain from mig2.xml
error: XML document failed to validate against schema: Unable to validate doc against /usr/share/libvirt/schemas/domain.rng
Extra element pm in interleave
Element domain failed to validate content

2) # virsh create mig2.xml
Domain mig2 created from mig2.xml


Since there are lots of changes for this bug, I don't know if I have enough verification?
Comment 14 Jiri Denemark 2015-09-01 11:53:39 UTC 
It took me a while to notice you used "enable" instead of "enabled" as the attribute name in suspend-to-* elements and that this caused libvirt to refuse to validate the XML (it was OK at first sight) :-)

I think what you did is enough to verify libvirt validates domain XML when asked to do so.
Comment 16 errata-xmlrpc 2015-11-19 05:36:24 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-2202.html
Note You need to log in before you can comment on or make changes to this bug.