From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([140.186.70.92]:40954) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1QjB3W-0005lX-GE for qemu-devel@nongnu.org; Tue, 19 Jul 2011 10:13:55 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1QjB3Q-0001uA-Gu for qemu-devel@nongnu.org; Tue, 19 Jul 2011 10:13:49 -0400 Received: from mx1.redhat.com ([209.132.183.28]:31255) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1QjB3P-0001tl-R7 for qemu-devel@nongnu.org; Tue, 19 Jul 2011 10:13:44 -0400 Message-ID: <4E258D70.6000205@redhat.com> Date: Tue, 19 Jul 2011 07:58:08 -0600 From: Eric Blake MIME-Version: 1.0 References: <4E2055AE.8090107@redhat.com> <4E253136.4080509@redhat.com> <4E258635.2040108@redhat.com> In-Reply-To: <4E258635.2040108@redhat.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: [Qemu-devel] live snapshot wiki updated List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Jes Sorensen Cc: Stefan Hajnoczi , QEMU Developers , Stefan Hajnoczi On 07/19/2011 07:27 AM, Jes Sorensen wrote: > On 07/19/11 15:23, Stefan Hajnoczi wrote: >> On Tue, Jul 19, 2011 at 8:24 AM, Jes Sorensen wrote: >>> On 07/18/11 16:08, Stefan Hajnoczi wrote: >>>> On Fri, Jul 15, 2011 at 3:58 PM, Jes Sorensen wrote: >>>>> I have been updating the live snapshot wiki for qemu to try and cover >>>>> the commands we will want for async snapshot handling too. >>>>> >>>>> http://wiki.qemu.org/Features/Snapshots >>>> >>>> Regarding fd passing, do we even support SELinux today with backing files? >>> >>> Not sure I understand what you mean. The current code should be happy to >>> take an existing file or a raw device for the snapshot. >> >> Sorry, I was off on a tangent. >> >> I think today QEMU does not support opening image files with a backing >> file purely using file descriptors. We currently require the ability >> to open files. > > I see what you mean - I don't actually know how that would work, since > the backing file specified in the front image will be a file name. > > Eric, what happens if libvirt in an selinux environment tells QEMU to > launch using an image file that is backed by backing file(s)? Before starting qemu, libvirt first parses all the image files, to see if any of them have backing images. For every qcow2 or qed image with a backing file, libvirt sets the SELinux context of both the qcow2 image and its backing file so that qemu will be able to successfully open() them. But if any of those files reside on NFS, then it is not possible to label individual files, so it requires setting the SELinux bool virt_use_nfs, which thus gives qemu the power to open() arbitrary files on NFS, and you've lost security. It would be nice if libvirt had a way to pass fds for every disk and backing file up front; then, SELinux can work around the lack of NFS per-file labelling by blocking open() in qemu. In fact, this has already been proposed: http://lists.gnu.org/archive/html/qemu-devel/2011-06/msg02072.html http://lists.gnu.org/archive/html/qemu-devel/2011-06/msg01992.html That thread mentioned both a command-line syntax for passing in fds for backing files, as well as an extension to the getfd monitor command to allow association of a runtime fd with a filename. -- Eric Blake eblake@redhat.com +1-801-349-2682 Libvirt virtualization library http://libvirt.org