[PATCH] Github issue #306: Creating a guest OS whose name contain spaces causes it to fail.

From: "Otavio R. Piske" <angusyoung@gmail.com> Kimchi fails to start the guest OS if the user names it with spaces. As pointed in the issue #306, other VM management interfaces prevent the user from creating a guest OS if the name contain invalid characters. This patch adds a validation logic that prevents the user from naming a Guest OS with anything other than alphanumeric chars, '-', '.' or '_'. Signed-off-by: Otavio R. Piske <angusyoung@gmail.com> --- ui/js/src/kimchi.guest_add_main.js | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/ui/js/src/kimchi.guest_add_main.js b/ui/js/src/kimchi.guest_add_main.js index 2085562..b65f2ef 100644 --- a/ui/js/src/kimchi.guest_add_main.js +++ b/ui/js/src/kimchi.guest_add_main.js @@ -53,6 +53,18 @@ kimchi.guest_add_main = function() { if (!$('input[name=template]:checked', '#templateTile').val()) { return false; } + + var name = $('input[name=name]', '#form-vm-add').val(); + + /* This regex should match anything that it's not an alphanumeric + * string, -, ., or _. + */ + var invalidChars = /[^A-Za-z0-9\-\.\_]/g; + + if (invalidChars.exec(name)) { + return false; + } + return true; } @@ -60,6 +72,9 @@ kimchi.guest_add_main = function() { if (validateForm()) { $('#vm-doAdd').removeAttr('disabled'); } + else { + $('#vm-doAdd').attr('disabled', 'disabled'); + } }); var addGuest = function(event) { -- 1.7.10.4
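Review bot: The name check added to validateForm() runs only in the browser (the diffstat touches just ui/js/src/kimchi.guest_add_main.js), so a request sent to the server directly can still carry any name; if the restriction is meant to hold, the same allowlist belongs in the server-side handler as well. Within the hunk, invalidChars carries the g flag and is used with exec(), which keeps lastIndex state on the regex object; invalidChars.test(name) without g expresses the same check with no state, and the \. and \_ escapes are unnecessary inside a character class.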
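Review bot: In the new else branch the button is disabled with no indication of why; a user who types a space sees #vm-doAdd go inactive and nothing else. Show an inline message next to the name field listing the allowed characters (alphanumerics, '-', '.', '_') when validateForm() fails on the name, and keep the disable.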

As I added to the GitHub issue page (https://github.com/kimchi-project/kimchi/issues/306#issuecomment-33068988), I don't think having a space in a VM's name is a problem. I am able to create a VM named "hello world" using Kimchi and virsh.

We should not add a limitation like this one to Kimchi (i.e. restricting the VM name) if there's not a real reason to.

On 01/22/2014 07:19 PM, Crístian Viana wrote:
> As I added to the GitHub issue page (https://github.com/kimchi-project/kimchi/issues/306#issuecomment-33068988), I don't think having a space in a VM's name is a problem. I am able to create a VM named "hello world" using Kimchi and virsh.
>
> We should not add a limitation like this one to Kimchi (i.e. restricting the VM name) if there's not a real reason to.

Agree.

Seems this problem is on a deeper layer. In a quick search on the internet I found a lot of forums related to "libvirtError: internal error cannot load AppArmor profile". We need to investigate more to find the root cause.

I see your point. I did a quick research and it seems to be a limitation on virt-aa-helper:

    root@orpiske:/etc/libvirt/qemu# cat ubuntu_12_04\ with\ spaces.xml | /usr/lib/libvirt/virt-aa-helper -d -p 0 -r -u libvirt-61d77fad-bb1f-49fa-93e1-2b70a5cb8f4c ; echo $?
    virt-aa-helper: error: bad name
    virt-aa-helper: error: could not get VM definition
    1

Whereas, this works:

    root@orpiske:/etc/libvirt/qemu# cat ubuntu_12_04.xml | /usr/lib/libvirt/virt-aa-helper -d -p 0 -r -u libvirt-d020c07a-b8d5-40f3-b02b-3df5ed6d06b3 ; echo $?
    virt-aa-helper: /etc/apparmor.d/libvirt/libvirt-d020c07a-b8d5-40f3-b02b-3df5ed6d06b3.files
    virt-aa-helper:
      "/var/log/libvirt/**/ubuntu_12_04.log" w,
      "/var/lib/libvirt/**/ubuntu_12_04.monitor" rw,
      "/var/run/libvirt/**/ubuntu_12_04.pid" rwk,
      "/run/libvirt/**/ubuntu_12_04.pid" rwk,
      "/var/run/libvirt/**/*.tunnelmigrate.dest.ubuntu_12_04" rw,
      "/run/libvirt/**/*.tunnelmigrate.dest.ubuntu_12_04" rw,
      "/var/lib/libvirt/images/d020c07a-b8d5-40f3-b02b-3df5ed6d06b3-0.img" rw,
      "/home/orpiske/vms/isos/ubuntu-12.04.3-desktop-i386.iso" r,
      # don't audit writes to readonly files
      deny "/home/orpiske/vms/isos/ubuntu-12.04.3-desktop-i386.iso" w,
    0

I decided to dig further and I took a look at virt-aa-helper source code and it does, indeed, check if the name does not contain spaces (as well as one of /, [, ] and *). Because of that, it seems that it's unable to load/recreate (?) the profile.

Does it make sense to you? And, if yes, what would you suggest as an appropriate work-around in this case?

--
Otavio R. Piske
http://orpiske.net
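A pre-flight check for the condition described in the message above, as an added example that is not part of the original thread or of virt-aa-helper: it scans a directory of libvirt domain XML files and reports definitions whose name contains a character from the list given in the message (space, /, [, ], *). The function names and the sample definitions are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread or from virt-aa-helper).
# The rejected-character list is the one given in the message above.

# Print the first <name>...</name> value in a libvirt domain XML file.
# XML entities are left undecoded.
domain_name() {
    sed -n 's:.*<name>\(.*\)</name>.*:\1:p' "$1" | head -n 1
}

# Succeed when the name contains a space, /, [, ] or *.
name_has_rejected_char() {
    case "$1" in
        *" "*|*/*|*"["*|*"]"*|*"*"*) return 0 ;;
    esac
    return 1
}

# Print "<file>: <name>" for each definition in directory $1 that is affected.
scan_domain_dir() {
    for f in "$1"/*.xml; do
        [ -f "$f" ] || continue
        n=$(domain_name "$f")
        if name_has_rejected_char "$n"; then
            printf '%s: %s\n' "$f" "$n"
        fi
    done
}

# Constructed sample definitions, reduced to the element the check reads.
demo() {
    d=$(mktemp -d)
    printf '<domain type="kvm">\n  <name>ubuntu_12_04</name>\n</domain>\n' \
        > "$d/ubuntu_12_04.xml"
    printf '<domain type="kvm">\n  <name>ubuntu_12_04 with spaces</name>\n</domain>\n' \
        > "$d/ubuntu_12_04 with spaces.xml"
    printf '<domain type="kvm">\n  <name>lab[1]</name>\n</domain>\n' \
        > "$d/lab.xml"
    scan_domain_dir "$d"
    rm -rf "$d"
}

demo
```

On a host, point scan_domain_dir at the directory holding the domain definitions (/etc/libvirt/qemu in the session above).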

On 01/23/2014 08:57 PM, Otavio Rodolfo Piske wrote:
> I decided to dig further and I took a look at virt-aa-helper source code and it does, indeed, check if the name does not contain spaces (as well as one of /, [, ] and *). Because of that, it seems that it's unable to load/recreate (?) the profile.

Do you mean libvirt blocks domain name with those characters?

As Cristian mentioned, it seems to be a Ubuntu only problem.

Which Ubuntu version are you using? What is the libvirt version?

I find this problem on Ubuntu 12.10 and libvirt 0.9.13

    alinefm@alinefm:~/libvirt$ libvirtd --version
    libvirtd (libvirt) 0.9.13

But I've just checked the latest libvirt (from source code) on same Ubuntu node and I was able to create and start a domain (which name contains spaces)
The current upstream version is 1.2.1

    alinefm@alinefm:~/libvirt$ sudo ./daemon/libvirtd -d
    alinefm@alinefm:~/libvirt$ sudo tools/virsh -c qemu:///system
    Welcome to lt-virsh, the virtualization interactive terminal.

    Type:  'help' for help with commands
           'quit' to quit

    virsh # list --all
     Id    Name                           State
    ----------------------------------------------------
     -     fedora18-iso-stream            shut off
     -     Fedora19                       shut off
     -     openSUSE-13-1                  shut off
     -     RHEL6.5                        shut off
     -     Ubuntu13-10                    shut off
     -     with spaces                    shut off

    virsh # start 'with spaces'
    Domain with spaces started

    virsh # destroy 'with spaces'
    Domain with spaces destroyed

> Does it make sense to you? And, if yes, what would you suggest as an appropriate work-around in this case?

On Thu, Jan 23, 2014 at 10:40 PM, Aline Manera <alinefm@linux.vnet.ibm.com> wrote:

> Do you mean libvirt blocks domain name with those characters?

More specifically: I mean that virt-aa-helper does.

> As Cristian mentioned, it seems to be a Ubuntu only problem.

I couldn't check on other distros, as I only have Ubuntu at hand, but I believe this might be the case.

> Which Ubuntu version are you using? What is the libvirt version?

I am running Ubuntu 12.10 with libvirt 0.9.13:

    # orpiske at orpiske in ~/code/foss/libvirt [20:44:08]
    $ libvirtd --version
    libvirtd (libvirt) 0.9.13

I am using Ubuntu's libvirtd. This might explain why it works on your system and not on mine. For instance, this is what happens when I try to do the same here:

    virsh # start 'ubuntu_12_04 with spaces'
    error: Failed to start domain ubuntu_12_04 with spaces
    error: internal error cannot load AppArmor profile 'libvirt-d020c07a-b8d5-40f3-b02b-3df5ed6d06b3'

So, my understanding is that this is specific to Ubuntu with the system's default libvirt. I'll try to setup another system using a newer Ubuntu version, using the system's default libvirt and check what happens.

--
Otavio R. Piske
http://orpiske.net

While I couldn't test on newer Ubuntu versions due to the lack of a spare box, I think I found a solution / work-around to this: disabling virt-aa-helper.

Before I start, here's some background information about it, taken from the AppArmor documentation:

"When a VM is started, libvirtd decides whether to ask virt-aa-helper to create a new profile or modify an existing one. If no profile exists, libvirtd asks virt-aa-helper to generate the new base profile, in this case /etc/apparmor.d/libvirt/libvirt-a22e3930-d87a-584e-22b2-1d8950212bac, which it does based on /etc/apparmor.d/libvirt/TEMPLATE. Notice, the new profile has a profile name that is based on the guest’s UUID. Once the base profile is created, virt-aa-helper works the same for create and modify: virt-aa-helper will determine what files are required for the guest to run (eg kernel, initrd, disk, serial, etc), updates /etc/apparmor.d/libvirt/libvirt-a22e3930-d87a-584e-22b2-1d8950212bac.files, then loads the profile into the kernel."

Disabling it is pretty simple: you just have to set the security driver in /etc/libvirtd/qemu.conf to "none". Like this:

    security_driver = "none"

After that, restart libvirt:

    /etc/init.d/libvirt-bin restart

Now it starts without calling virt-aa-helper:

    virsh # start 'ubuntu_12_04 with spaces'
    Domain ubuntu_12_04 with spaces started

You may want to add that information to the documentation about this ... With a note that this may decrease the system's security.

--
Otavio R. Piske
http://orpiske.net
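An audit for the workaround described in the message above, as an added example that is not part of the original thread: it reads qemu.conf-style files and reports where security_driver has been set to "none", so hosts that run guests without AppArmor confinement can be found later. The file paths are passed as arguments; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread or from libvirt).

# Print the value of every uncommented security_driver assignment in a
# qemu.conf-style file, one per line, with trailing comments removed.
security_driver_values() {
    sed -n -e 's/[[:space:]]*#.*$//' \
           -e 's/^[[:space:]]*security_driver[[:space:]]*=[[:space:]]*\(.*\)$/\1/p' "$1"
}

# Print one word describing the file:
#   disabled  an assignment names "none" (the workaround from the message)
#   explicit  a driver is configured and no assignment names "none"
#   default   no uncommented assignment; libvirt's built-in default applies
confinement_state() {
    vals=$(security_driver_values "$1")
    case "$vals" in
        "")         echo default ;;
        *'"none"'*) echo disabled ;;
        *)          echo explicit ;;
    esac
}

# Report each file and return 1 when any of them has confinement disabled.
audit_confs() {
    rc=0
    for conf in "$@"; do
        state=$(confinement_state "$conf")
        printf '%s: %s\n' "$conf" "$state"
        if [ "$state" = disabled ]; then
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample files standing in for three hosts' qemu.conf.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '#security_driver = "selinux"' > "$d/stock.conf"
    printf '%s\n' 'security_driver = "apparmor"  # not "none"' > "$d/pinned.conf"
    printf '%s\n' '#security_driver = "selinux"' 'security_driver = "none"' \
        > "$d/workaround.conf"
    audit_confs "$d"/*.conf || echo "at least one file disables guest confinement"
    rm -rf "$d"
}

demo
```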