On 02/16/2010 12:33 PM, Daniel P. Berrange wrote:
The idea of zeroing upon delete, is that we want the currently
allocated
extents to be overwritten with zeros. If we truncate to 0 size, then
extend to original size I imagine that would easily allow the filesystem
to give you a new set of extents filled with zeros, leaving the old
extents with data intact as unused space on the FS.
Yeah, as long as you use regular files as images you're safe, but you'd
expose the old data if you destroyed the partition on which the file
resided and used the partition as storage for a new guest.
But then in this scenario (delete file system partition and give it out
as raw) you could expose information not only about other/old guests,
but also about the host. So for partitions it can be even more
important to provide an option to zero the partition _before_ giving it
out. Currently you cannot do that with libvirt.
Also, we need to make sure that this code works with physical block
devices, as well as plain files. You can't truncate a block device so
we'll need to write zeros in that case anyway.
A block device won't ever be sparse---I was talking about the sparse
case only.
Paolo