virsh: snapshot: Don't validate schema of XML generated by 'virsh snapshot-create-as'

Commit 95f8e3237e5486f487324c6 which introduced XML schema validation
for snapshot XMLs always asserted the validation for the XML generated
by 'virsh snapshot-create-as' on the basis that it's libvirt-generated,
thus valid.

This unfortunately isn't true as users can influence certain bits of the
XML such as the disk image path which must be a full path. Thus if a
user tries to invoke virsh as:

 $ virsh snapshot-create-as upstream --diskspec vda,file=relative.qcow2
 error: XML document failed to validate against schema: Unable to validate doc against /path/to/domainsnapshot.rng
 Extra element disks in interleave
 Element domainsnapshot failed to validate content

They get a rather useless error from the libxml2 RNG validator.

With this fix applied, we get to the XML parser in libvirtd which has a
more reasonable error:

 $ virsh snapshot-create-as upstream --diskspec vda,file=relative.qcow2
 error: XML error: disk snapshot image path 'relative.qcow2' must be absolute

Instead users can force validation of the XML generated by 'virsh
snapshot-create-as' by passing the '--validate' flag.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>

diff --git a/docs/manpages/virsh.rst b/docs/manpages/virsh.rst
index bccda292a2d8644b3747ffcc20a437c200a1b290..ad91cd6356fa6ab24b09595abf66b5b7a4479be7 100644 (file)
--- a/docs/manpages/virsh.rst
+++ b/docs/manpages/virsh.rst
@@ -6916,7 +6916,7 @@ snapshot-create-as
 
    snapshot-create-as domain {[--print-xml] [--no-metadata]
       [--halt] [--reuse-external]} [name]
-      [description] [--disk-only [--quiesce]] [--atomic]
+      [description] [--disk-only [--quiesce]] [--atomic] [--validate]
       [[--live] [--memspec memspec]] [--diskspec] diskspec]...
 
 Create a snapshot for domain *domain* with the given <name> and
@@ -6988,6 +6988,8 @@ For now, it is not possible to create snapshots in a domain that has
 checkpoints, although this restriction will be lifted in a future
 release.
 
+Optionally, the *--validate* option can be passed to validate XML document
+which is internally generated by this command against the internal RNG schema.
 
 snapshot-current
 ----------------

diff --git a/tools/virsh-snapshot.c b/tools/virsh-snapshot.c
index 2bc2cb7e230ef7d593d6b7d17c094885548e79a2..2bec722c61469eb0f7f33676973c905301a8e865 100644 (file)
--- a/tools/virsh-snapshot.c
+++ b/tools/virsh-snapshot.c
@@ -372,6 +372,10 @@ static const vshCmdOptDef opts_snapshot_create_as[] = {
      .help = N_("require atomic operation")
     },
     VIRSH_COMMON_OPT_LIVE(N_("take a live snapshot")),
+    {.name = "validate",
+     .type = VSH_OT_BOOL,
+     .help = N_("validate the XML against the schema"),
+    },
     {.name = "memspec",
      .type = VSH_OT_STRING,
      .flags = VSH_OFLAG_REQ_OPT,
@@ -394,7 +398,7 @@ cmdSnapshotCreateAs(vshControl *ctl, const vshCmd *cmd)
     const char *desc = NULL;
     const char *memspec = NULL;
     g_auto(virBuffer) buf = VIR_BUFFER_INITIALIZER;
-    unsigned int flags = VIR_DOMAIN_SNAPSHOT_CREATE_VALIDATE;
+    unsigned int flags = 0;
     const vshCmdOpt *opt = NULL;
 
     if (vshCommandOptBool(cmd, "no-metadata"))
@@ -411,6 +415,8 @@ cmdSnapshotCreateAs(vshControl *ctl, const vshCmd *cmd)
         flags |= VIR_DOMAIN_SNAPSHOT_CREATE_ATOMIC;
     if (vshCommandOptBool(cmd, "live"))
         flags |= VIR_DOMAIN_SNAPSHOT_CREATE_LIVE;
+    if (vshCommandOptBool(cmd, "validate"))
+        flags |= VIR_DOMAIN_SNAPSHOT_CREATE_VALIDATE;
 
     if (!(dom = virshCommandOptDomain(ctl, cmd, NULL)))
         return false;