virt-aa-helper crashes when domain XML does not contain <uuid>

Bug #672943 reported by wodny
This bug affects 2 people
Affects           Status        Importance  Assigned to       Milestone
libvirt (Ubuntu)  Fix Released  Undecided   Jamie Strandboge
Lucid             Won't Fix     Undecided   Unassigned
Maverick          Won't Fix     Undecided   Unassigned
Natty             Fix Released  Undecided   Jamie Strandboge

Bug Description

libvirt-bin 0.7.5-5ubuntu27.7

Linux 2.6.32-25-server #45-Ubuntu SMP Sat Oct 16 20:06:58 UTC 2010 x86_64 GNU/Linux

/usr/lib/libvirt/virt-aa-helper -u libvirt-14412844-e1d1-4dfc-ad03-6adf185fa243 -c < minimal.xml

Program received signal SIGSEGV, Segmentation fault.
0x00007fb8d4c64cd8 in random_r () from /lib/libc.so.6
(gdb) bt
#0 0x00007fb8d4c64cd8 in random_r () from /lib/libc.so.6
#1 0x000000000041ca24 in ?? ()
#2 0x000000000041c1aa in ?? ()
#3 0x0000000000411371 in ?? ()
#4 0x0000000000413439 in ?? ()
#5 0x0000000000413c62 in ?? ()
#6 0x0000000000404be9 in ?? ()
#7 0x00007fb8d4c49c4d in __libc_start_main () from /lib/libc.so.6
#8 0x00000000004034a9 in ?? ()
#9 0x00007fffad4beef8 in ?? ()
#10 0x000000000000001c in ?? ()
#11 0x0000000000000004 in ?? ()
#12 0x00007fffad4c0944 in ?? ()
#13 0x00007fffad4c0964 in ?? ()
#14 0x00007fffad4c0967 in ?? ()
#15 0x00007fffad4c0994 in ?? ()
#16 0x0000000000000000 in ?? ()

Seems to crash on every use of random_r() - for example if UUID or MAC is not present in the config file and must be randomly generated.

Tags: patch

wodny (z-launchpad-wodny-org) wrote :
Jamie Strandboge (jdstrand) wrote :

This is not a problem on Maverick and later:
$ cat /tmp/xml | /usr/lib/libvirt/virt-aa-helper -u libvirt-14412844-e1d1-4dfc-ad03-6adf185fa243 -c --dryrun
virt-aa-helper: error: could not parse XML
virt-aa-helper: error: could not get VM definition

Changed in libvirt (Ubuntu Maverick):
status: New → Invalid
Changed in libvirt (Ubuntu Natty):
status: New → Invalid
Changed in libvirt (Ubuntu Lucid):
status: New → Confirmed
Jamie Strandboge (jdstrand) wrote :

I can confirm this on lucid:
$ /usr/lib/libvirt/virt-aa-helper -u libvirt-14412844-e1d1-4dfc-ad03-6adf185fa243 -c --dryrun < /tmp/xml

As mentioned, this is due to random_r crashing. In virt-aa-helper on Lucid, this is triggered by the call to virDomainDefParseXML(), which calls virUUIDGenerate(), which eventually calls virRandom() and then random_r(). The problem is that virRandom() is called, but virt-aa-helper never calls virRandomInitialize() (like is done in libvirt.c).

On maverick (libvirt 0.8.3), the original reproducer XML is considered invalid. Attached is XML that should trigger the flaw there as well, but only if /dev/urandom cannot be opened. The behavior changed because of:

commit 28024f2311462d7f836e9f90aea805d1861b2abe
Author: Laine Stump <email address hidden>
Date: Mon Jan 11 10:05:38 2010 +0100

    Fix UUID random generator to use /dev/random

    Only use pseudo-random generator for uuid if using /dev/random fails.
    * src/util/uuid.c: The original code would only print the warning
      message if using /dev/random failed, but would still go ahead and call
      virUUIDGeneratePseudoRandomBytes in all cases anyway.

So the reproducer is now:
$ sudo chmod 660 /dev/urandom
$ cat /tmp/672943.xml | /usr/lib/libvirt/virt-aa-helper -c -u libvirt-7d781722-69b7-8801-fe96-caf37b7a8968 --dryrun
...
Segmentation fault
$ sudo chmod 666 /dev/urandom

Changed in libvirt (Ubuntu Lucid):
status: Confirmed → Triaged
Changed in libvirt (Ubuntu Maverick):
status: Invalid → Triaged
Changed in libvirt (Ubuntu Natty):
status: Invalid → Triaged
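
An added illustration of the failure mode diagnosed in the comment above (not part of the original report and not libvirt code): glibc's random_r() reads through the state pointer inside struct random_data, which only initstate_r() sets up, so calling it on state that was never initialized faults. The wrapper names prng, prng_init, prng_next and prng_uuid are hypothetical; the sketch tracks initialization explicitly and returns an error instead of crashing.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* random_r()/initstate_r() are glibc extensions */
#endif
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical wrapper (names are not libvirt's): keeps the PRNG state and an
 * explicit "initialized" flag together so a missing init is detectable.
 * Do not copy the struct after prng_init(): data points into state[]. */
struct prng {
    struct random_data data;   /* must be zeroed before initstate_r() */
    char state[128];           /* backing buffer used by random_r() */
    int initialized;
};

/* Counterpart of the initialization step the helper never performed. */
int prng_init(struct prng *p, unsigned int seed)
{
    memset(p, 0, sizeof(*p));
    if (initstate_r(seed, p->state, sizeof(p->state), &p->data) != 0)
        return -1;
    p->initialized = 1;
    return 0;
}

/* Refuse to call random_r() on uninitialized state instead of crashing. */
int prng_next(struct prng *p, int32_t *out)
{
    if (p == NULL || out == NULL || !p->initialized)
        return -1;
    return random_r(&p->data, out);
}

/* Fill a 16-byte buffer, as a pseudo-random UUID fallback would. */
int prng_uuid(struct prng *p, unsigned char uuid[16])
{
    for (int i = 0; i < 16; i++) {
        int32_t r;
        if (prng_next(p, &r) != 0)
            return -1;         /* propagate the error to the caller */
        uuid[i] = (unsigned char)(r & 0xff);
    }
    return 0;
}
```
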
Jamie Strandboge (jdstrand) wrote :

wodny,

Were you able to trigger this via normal virsh (or something else like virt-manager)? virt-aa-helper is not intended to be run by itself (except for debugging) and this particular invocation should not ever occur when using the userspace tools since 'create' and 'define' should generate the UUID with libvirtd and then libvirtd will spawn virt-aa-helper with the UUID in the XML. This is a bug that needs to be fixed, but if it can't be triggered in the userspace tools then it probably isn't something we would fix in the stable releases.

summary: - virt-aa-helper crashes on random parts
+ virt-aa-helper crashes when domain XML does not contain <uuid>
Changed in libvirt (Ubuntu Natty):
assignee: nobody → Jamie Strandboge (jdstrand)
Jamie Strandboge (jdstrand) wrote :

Here is a preliminary patch against 0.8.5, but it should work against maverick, et al.

Changed in libvirt (Ubuntu Natty):
status: Triaged → In Progress
tags: added: patch
Jamie Strandboge (jdstrand) wrote :

Sent the following patch for upstream comment.

wodny (z-launchpad-wodny-org) wrote :

@Jamie Strandboge (#4)

Sorry for my late response, I haven't been home for a week.

This was achieved manually only during a debug process associated with bug 672948.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libvirt - 0.8.5-0ubuntu2

---------------
libvirt (0.8.5-0ubuntu2) natty; urgency=low

  [ Serge Hallyn ]
  * Apply patch: 'build: cleanup declaration of xen tests.' to fix
    the FTBFS for ppc and arm (which are configured without xen).

  [ Jamie Strandboge ]
  * debian/patches/9023-vah-require-uuid.patch: require <uuid> in domain
    XML (LP: #672943)
  * debian/libvirt-bin.cron.daily: use shell globbing to enumerate xml files.
    Based on patch thanks to Henryk Plötz (LP: #655176)
 -- Jamie Strandboge <email address hidden> Tue, 16 Nov 2010 14:15:42 -0600

Changed in libvirt (Ubuntu Natty):
status: In Progress → Fix Released
Jamie Strandboge (jdstrand) wrote :

Marking Maverick and Lucid tasks as "Won't Fix" for now, since virt-aa-helper is not intended to be used by regular users, libvirtd will always provide XML with the uuid, and there is no apparent security issue.

Changed in libvirt (Ubuntu Maverick):
status: Triaged → Won't Fix
Changed in libvirt (Ubuntu Lucid):
status: Triaged → Won't Fix