[libvirt] [PATCH v3] Add support for fd: protocol
Kevin Wolf
kwolf at redhat.com
Tue Jul 26 14:19:40 UTC 2011
On 26.07.2011 16:00, Eric Blake wrote:
> On 07/26/2011 06:51 AM, Corey Bryant wrote:
>> There are some additional features provided by certain image types
>> where Qemu reopens the image file. All of these scenarios will be
>> unsupported for the fd: protocol, at least for this patch:
>>
>> - The -snapshot command line option
>> - The savevm monitor command
>> - The snapshot_blkdev monitor command
>> - Use of copy-on-write image files
>> - The -cdrom command line option
>> - The -drive command line option with media=cdrom
>> - The change monitor command
>>
>> The thought is that this support can be added in the future, but is
>> not required for the initial fd: support.
>
> Libvirt will eventually need support for fd passing on savevm,
> snapshot_blkdev, and change monitor commands, as well as for -cdrom,
> before this feature can be used to provide the desired security
> enhancements. I agree that for an incremental patch, you don't have to
> solve all points at once, but until all places have been modified to
> support fd usage, you aren't gaining any security, except for severely
> constrained guests.
>
> Furthermore, how do you plan to map fd: to filename? There have already
> been big threads on why snapshot_blkdev needs both the new fd: and the
> name of the old backing file at the same time, so that qemu can write
> the correct headers into new qcow2 files.
That's a problem to solve in snapshot_blkdev, not in -drive. In general
qemu doesn't need and shouldn't know the file name if it's meant to use
an fd.
Kevin
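
The distinction the thread turns on, as an added example that is not part of the original messages and is not QEMU or libvirt code: a worker handed an already-open descriptor can do I/O on the image, while any code path that reopens the file by name fails. The function names, the temporary file, and the use of unlink() to model a path the worker is not permitted to open are all assumptions made for this illustration.

```c
/* Added illustration; not QEMU or libvirt code. All names are hypothetical. */
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Stand-in for the confined emulator, which is handed only a descriptor.
 * Result bit 0: I/O through the fd worked. Bit 1: reopening by name worked. */
static int confined_worker(int fd, const char *path)
{
    char buf[8] = {0};
    int result = 0;
    if (pread(fd, buf, 5, 0) == 5 && memcmp(buf, "image", 5) == 0 &&
        pwrite(fd, "IMAGE", 5, 0) == 5)
        result |= 1;
    int again = open(path, O_RDWR);  /* what a reopen-based feature would do */
    if (again >= 0) {
        result |= 2;
        close(again);
    }
    return result;
}

/* Stand-in for the manager: opens the image, withdraws the name, delegates. */
int run_fd_demo(void)
{
    char path[] = "/tmp/fd-demo-XXXXXX";  /* constructed sample file */
    int status, fd = mkstemp(path);
    if (fd < 0 || write(fd, "image", 5) != 5)
        return -1;
    unlink(path);  /* assumption: models a path the worker may not open */
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0)
        _exit(confined_worker(fd, path));
    close(fd);
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    printf("result=%d (1: fd I/O ok, reopen by name failed)\n", run_fd_demo());
    return 0;
}
```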