On 10/30/2014 02:32 PM, Serge Hallyn wrote:
> Hi,
> I'm looking into why virt-aa-helper isn't adding allow rules for
> backing stores nested deeper than 1. So if I do
> qemu-img create -f qcow2 l1.img 10G
> qemu-img create -f qcow2 -b l1.img l2.img

Oops, you forgot the backing format. Without that, libvirt is forced to
treat the backing file as raw unless you tweak qemu.conf to allow format
probing (which then exposes you to a CVE if probing ever goes wrong).
Please add -o backing_fmt={qcow2,raw} as appropriate to each qemu-img
create, then try again.

> and virStorageFileGetMetadata in turn calls virStorageFileGetMetadataRecurse().
> So it seems like l3.img *should* be getting hit in virDomainDiskDefForeachPath,
> but it's not. Am I misunderstanding something in how these helpers should be
> used?

You are missing the fact that we refuse to probe a backing file for
format, and instead treat it as raw (even if that treatment is wrong),
unless explicitly configured to be less safe.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library
http://libvirt.org
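
Added example, not part of the original message and not libvirt or qemu code: a small Python check that reads a qcow2 header and reports whether the image names a backing file without recording a backing format, which is the case the reply says gets treated as raw. The function names and the `make_header` sample builder are hypothetical; the header offsets and the backing-format extension type follow the published qcow2 layout.

```python
import struct

QCOW2_MAGIC = b"QFI\xfb"
EXT_BACKING_FORMAT = 0xE2792ACA  # qcow2 "backing file format name" extension


def parse_backing_info(data):
    """Return (backing_file, backing_format) from a qcow2 header; None if absent."""
    if data[:4] != QCOW2_MAGIC:
        raise ValueError("not a qcow2 image")
    version, bf_offset, bf_size = struct.unpack_from(">IQI", data, 4)
    # v2 headers are a fixed 72 bytes; v3 stores header_length at offset 100.
    pos = 72 if version == 2 else struct.unpack_from(">I", data, 100)[0]
    backing_file = None
    if bf_offset:
        backing_file = data[bf_offset:bf_offset + bf_size].decode()
    backing_format = None
    # Simplification: scan extensions up to the backing file name, or to the
    # end of the supplied bytes when there is no backing file.
    limit = bf_offset or len(data)
    while pos + 8 <= limit:
        ext_type, ext_len = struct.unpack_from(">II", data, pos)
        if ext_type == 0:  # end-of-extensions marker
            break
        if ext_type == EXT_BACKING_FORMAT:
            backing_format = data[pos + 8:pos + 8 + ext_len].decode()
        pos += 8 + ((ext_len + 7) & ~7)  # payload is padded to 8 bytes
    return backing_file, backing_format


def needs_backing_fmt(data):
    """True when an image names a backing file but records no format for it."""
    backing_file, backing_format = parse_backing_info(data)
    return backing_file is not None and backing_format is None


def make_header(backing_file=None, backing_format=None):
    """Build a constructed, minimal v3 header for the demo (not a usable image)."""
    ext = b""
    if backing_format:
        fmt = backing_format.encode()
        ext += struct.pack(">II", EXT_BACKING_FORMAT, len(fmt))
        ext += fmt.ljust((len(fmt) + 7) & ~7, b"\0")
    ext += struct.pack(">II", 0, 0)
    name = (backing_file or "").encode()
    bf_offset = 104 + len(ext) if name else 0
    hdr = bytearray(104)
    struct.pack_into(">4sIQI", hdr, 0, QCOW2_MAGIC, 3, bf_offset, len(name))
    struct.pack_into(">I", hdr, 100, 104)  # header_length
    return bytes(hdr) + ext + name
```

To check a real image, pass the first cluster of the file (for example the first 64 KiB) to `needs_backing_fmt` and repeat for every layer of the chain.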