Comment 3 for bug 672943

I can confirm this on lucid:
$ /usr/lib/libvirt/virt-aa-helper -u libvirt-14412844-e1d1-4dfc-ad03-6adf185fa243 -c --dryrun < /tmp/xml

As mentioned, this is due to random_r crashing. In virt-aa-helper on Lucid, this is triggered by the call to virDomainDefParseXML(), which calls virUUIDGenerate(), which eventually calls virRandom() and then random_r(). The problem is that virRandom() is called, but virt-aa-helper never calls virRandomInitialize() (like is done in libvirt.c).

On maverick (libvirt 0.8.3), the original reproducer XML is considered invalid. Attached is XML that should trigger the flaw there as well, but only if /dev/urandom cannot by opened. The behavior changed because of:

commit 28024f2311462d7f836e9f90aea805d1861b2abe
Author: Laine Stump <email address hidden>
Date: Mon Jan 11 10:05:38 2010 +0100

    Fix UUID random generator to use /dev/random

    Only use pseudo-random generator for uuid if using /dev/random fails.
    * src/util/uuid.c: The original code. would only print the warning
      message if using /dev/random failed, but would still go ahead and call
      virUUIDGeneratePseudoRandomBytes in all cases anyway.

So the reproducer is now:
$ sudo chmod 660 /dev/urandom
$ cat /tmp/672943.xml | /usr/lib/libvirt/virt-aa-helper -c -u libvirt-7d781722-69b7-8801-fe96-caf37b7a8968 --dryrun
...
Segmentation fault
$ sudo chmod 666 /dev/urandom