[libvirt] virStorageFileGetMetadata bug?
Eric Blake
eblake at redhat.com
Thu Oct 30 20:56:44 UTC 2014
On 10/30/2014 02:32 PM, Serge Hallyn wrote:
> Hi,
>
> I'm looking into why virt-aa-helper isn't adding allow rules for
> backing stores nested deeper than 1. So if I do
>
> qemu-img create -f qcow2 l1.img 10G
> qemu-img create -f qcow2 -b l1.img l2.img
Oops, you forgot the backing format. Without that, libvirt is forced to
treat the backing file as raw unless you tweak qemu.conf to allow format
probing (which then exposes you to a CVE if probing ever goes wrong).
Please add -o backing_fmt={qcow2,raw} as appropriate to each qemu-img
create, then try again.
>
> and virStorageFileGetMetadata in turn calls virStorageFileGetMetadataRecurse().
> So it seems like l3.img *should* be geting hit in virDomainDiskDefForeachPath,
> but it's not. Am I misunderstanding something in how these helpers should be
> used?
You are missing the fact that we refuse to probe a backing file for
format, and instead treat it as raw (even if that treatment is wrong),
unless explicitly configured to be less safe.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 539 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20141030/65c60ce5/attachment-0001.sig>
More information about the libvir-list
mailing list