From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:42825)
 by lists.gnu.org with esmtp (Exim 4.71) (envelope-from )
 id 1b067P-0006Jm-Uz for qemu-devel@nongnu.org;
 Tue, 10 May 2016 07:46:29 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from ) id 1b067N-0007az-Mt for qemu-devel@nongnu.org;
 Tue, 10 May 2016 07:46:26 -0400
Date: Tue, 10 May 2016 12:46:15 +0100
From: "Richard W.M. Jones"
Message-ID: <20160510114615.GZ1683@redhat.com>
References: <20160510081425.GV1683@redhat.com>
 <20160510084303.GB28935@redhat.com>
 <20160510085041.GC13377@redhat.com>
 <20160510091422.GG4921@noname.str.redhat.com>
 <20160510092338.GG13377@redhat.com>
 <20160510093514.GH4921@noname.str.redhat.com>
 <20160510094310.GH13377@redhat.com>
 <20160510100706.GJ4921@noname.str.redhat.com>
 <20160510101612.GY1683@redhat.com>
 <20160510110849.GK4921@noname.str.redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20160510110849.GK4921@noname.str.redhat.com>
Subject: Re: [Qemu-devel] [PATCH v4 00/27] block: Lock images when opening
To: Kevin Wolf
Cc: "Daniel P. Berrange", Fam Zheng, qemu-block@nongnu.org, Jeff Cody,
 Markus Armbruster, qemu-devel@nongnu.org, stefanha@redhat.com,
 pbonzini@redhat.com, den@openvz.org, Max Reitz, John Snow

On Tue, May 10, 2016 at 01:08:49PM +0200, Kevin Wolf wrote:
> Are you saying that libguestfs only allows operations like df on live
> images, but not e.g. copying files out of the VM?
[...]

virt-copy-out will let you copy out files from a live VM.

There's no difference between "safe" and "unsafe" operations, because
(a) it depends on unknowable information about the guest -- it's safe
to read (even write) a filesystem if it's not mounted by the guest,
and (b) even reading a superblock field from an in-use mounted
filesystem is subject to an unlikely but possible race.

Users of libguestfs on live VMs just have to be aware of this, and we
make them aware over and over again of the potential problems.

Importantly, readonly access won't result in corrupt filesystems in
the live VM.

I'm much more interested in stopping people from writing to live VMs.
That is a serious problem, results in unrecoverable filesystems and
near-100% certain data loss [especially with journalled fses], and is
something that has no (or very very few) valid use cases. It's also
something which only qemu is in a position to properly protect
against.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-top is 'top' for virtual machines. Tiny program with many
powerful monitoring features, net stats, disk stats, logging, etc.
http://people.redhat.com/~rjones/virt-top