I can confirm this on lucid:
$ /usr/lib/libvirt/virt-aa-helper -u libvirt-14412844-e1d1-4dfc-ad03-6adf185fa243 -c --dryrun < /tmp/xml
As mentioned, this is due to random_r crashing. In virt-aa-helper on Lucid, this is triggered by the call to virDomainDefParseXML(), which calls virUUIDGenerate(), which eventually calls virRandom() and then random_r(). The problem is that virRandom() is called, but virt-aa-helper never calls virRandomInitialize() (like is done in libvirt.c).
On maverick (libvirt 0.8.3), the original reproducer XML is considered invalid. Attached is XML that should trigger the flaw there as well, but only if /dev/urandom cannot be opened. The behavior changed because of:
commit 28024f2311462d7f836e9f90aea805d1861b2abe
Author: Laine Stump <email address hidden>
Date: Mon Jan 11 10:05:38 2010 +0100
Fix UUID random generator to use /dev/random
Only use pseudo-random generator for uuid if using /dev/random fails.
* src/util/uuid.c: The original code. would only print the warning
message if using /dev/random failed, but would still go ahead and call
virUUIDGeneratePseudoRandomBytes in all cases anyway.
So the reproducer is now:
$ sudo chmod 660 /dev/urandom
$ cat /tmp/672943.xml | /usr/lib/libvirt/virt-aa-helper -c -u libvirt-7d781722-69b7-8801-fe96-caf37b7a8968 --dryrun
...
Segmentation fault
$ sudo chmod 666 /dev/urandom
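Added example, not part of the original comment and not libvirt's code: a guard for the ordering problem described above, where glibc's random_r() is reached on a state that no initialisation call has set up. The names rng_init, rng_next and uuid_fill_pseudo are hypothetical, the seed is a constructed value, and the block assumes glibc (random_r/initstate_r).

```c
/* Added example (hypothetical names, glibc assumed); not libvirt source. */
#define _DEFAULT_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static struct random_data rng_data;   /* glibc reentrant PRNG state */
static int32_t rng_state[32];         /* 128-byte state buffer, int32-aligned */
static int rng_ready;                 /* set only after initstate_r() succeeded */

/* Hypothetical init step: must run once before any number is drawn. */
int rng_init(unsigned int seed)
{
    memset(&rng_data, 0, sizeof(rng_data));  /* glibc expects a zeroed struct */
    if (initstate_r(seed, (char *)rng_state, sizeof(rng_state), &rng_data) != 0)
        return -1;
    rng_ready = 1;
    return 0;
}

/* Returns 0 and a value in *out, or -1 when rng_init() has not run. */
int rng_next(int32_t *out)
{
    if (!rng_ready)
        return -1;  /* do not hand random_r() a state that was never set up */
    return random_r(&rng_data, out);
}

/* Pseudo-random fallback for a UUID-sized buffer; fails closed. */
int uuid_fill_pseudo(unsigned char *buf, size_t len)
{
    for (size_t i = 0; i < len; i++) {
        int32_t v;
        if (rng_next(&v) != 0)
            return -1;
        buf[i] = (unsigned char)(v & 0xff);
    }
    return 0;
}

int main(void)
{
    unsigned char uuid[16];
    printf("before init: %d\n", uuid_fill_pseudo(uuid, sizeof(uuid)));
    if (rng_init(12345) != 0) return 1;
    printf("after init:  %d\n", uuid_fill_pseudo(uuid, sizeof(uuid)));
    return 0;
}
```

With the guard, a caller that skips initialisation gets an error return it can handle instead of a crash inside random_r().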