Re: [Qemu-devel] [PATCH 0/3] vpc: support probing of fixed size images

[Eric Blake <eblake@redhat.com>]

[-- Attachment #1: Type: text/plain, Size: 1376 bytes --]

On 08/15/2014 06:28 AM, Jeff Cody wrote:

> I worry that will subtly alter current behavior in bad ways.  For
> instance, take this image chain:
> 
>     qemu-img create -f qcow2 foo.img 1G
>     qemu-img create -f qcow2 -b foo.img bar.img 1G
> 
>     qemu-kvm -drive file=bar.img,format=qcow2
> 
> 
> If I understand correctly what you are proposing, that means that
> qemu-kvm would detect 'foo.img' as raw, while current behavior is to
> detect it as 'qcow2'.
> 

Libvirt ALREADY defaults to detecting foo.img as raw, and refuses to
grant SELinux permissions for qemu to read bar.img, which causes qemu to
fail to start due to missing permissions.  All because probing is deemed
too dangerous (a probe that results in an answer of "raw" is
trustworthy, a probe that results in any other answer is suspect if the
file has any remote chance of having once been raw).

> Although if we do that in conjunction with what Kevin proposed (forbid
> probing on raw), it would behave 'properly', and bail out before doing
> something bad.  That could be OK.

The problem is that you can't forbid probing on raw without forbidding
probing almost everywhere.  Again, an answer of "raw" is trustworthy, it
is ALL OTHER answers that are suspect.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 539 bytes --]