On Tue, Feb 16, 2010 at 01:31:58PM +0100, Paolo Bonzini wrote:
On 02/16/2010 12:33 PM, Daniel P. Berrange wrote:
>The idea of zeroing upon delete, is that we want the currently allocated
>extents to be overwritten with zeros. If we truncate to 0 size, then
>extend to original size I imagine that would easily allow the filesystem
>to give you a new set of extents filled with zeros, leaving the old
>extents with data intact as unused space on the FS.
Yeah, as long as you use regular files as images you're safe, but you'd
expose the old data if you destroyed the partition on which the file
resided and used the partition as storage for a new guest.

But then in this scenario (delete file system partition and give it out
as raw) you could expose information not only about other/old guests,
but also about the host. So for partitions it can be even more
important to provide an option to zero the partition _before_ giving it
out. Currently you cannot do that with libvirt.

There is an unused 'flags' parameter in virStorageVolCreate(), where
we could/should add a VIR_STORAGE_VOL_CREATE_ZEROED parameter too
for that scenario.

Another option would be to add an explicit virStorageVolZero() API to
allow a volume to be wiped independently of create/delete operations.

Regards,
Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
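
The difference the thread draws between truncating and overwriting, as an added example that is not libvirt code and not from either poster: the file or partition is opened without truncation and zeros are written over its existing length, so nothing is released back to the filesystem first. The names `wipe_in_place` and `demo_wipe_roundtrip` are hypothetical, and the temporary file is constructed sample input.

```c
#define _XOPEN_SOURCE 700   /* for mkstemp() */
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Zero an existing file or block device in place. No O_TRUNC and no
 * ftruncate(): the length stays put, so the writes target the range that is
 * already allocated. Returns 0 on success, -1 on error. */
int wipe_in_place(const char *path)
{
    static const char zeros[64 * 1024];
    int fd = open(path, O_WRONLY);
    if (fd < 0)
        return -1;
    /* On Linux, SEEK_END gives the size of regular files and block devices */
    off_t left = lseek(fd, 0, SEEK_END);
    if (left < 0 || lseek(fd, 0, SEEK_SET) < 0)
        left = -1;
    while (left > 0) {
        size_t want = left < (off_t)sizeof(zeros) ? (size_t)left : sizeof(zeros);
        ssize_t n = write(fd, zeros, want);   /* short writes just loop again */
        left = n > 0 ? left - n : -1;
    }
    /* flush to stable storage before reporting success */
    int synced = left == 0 && fsync(fd) == 0;
    return close(fd) == 0 && synced ? 0 : -1;
}

/* Constructed self-check: marker-filled temp file must read back as zeros. */
int demo_wipe_roundtrip(void)
{
    char path[] = "/tmp/wipe-demo-XXXXXX";
    static char buf[100000];
    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    memset(buf, 'S', sizeof(buf));
    int ok = write(fd, buf, sizeof(buf)) == (ssize_t)sizeof(buf)
          && wipe_in_place(path) == 0
          && lseek(fd, 0, SEEK_END) == (off_t)sizeof(buf)
          && lseek(fd, 0, SEEK_SET) == 0
          && read(fd, buf, sizeof(buf)) == (ssize_t)sizeof(buf);
    for (size_t i = 0; ok && i < sizeof(buf); i++)
        ok = buf[i] == 0;
    close(fd);
    unlink(path);
    return ok ? 0 : -1;
}
int main(void) { return demo_wipe_roundtrip() ? 1 : 0; }
```

An in-place overwrite only reaches the old extents on storage that actually overwrites in place; copy-on-write filesystems, thin-provisioned volumes and flash translation layers may direct the zeros to new blocks.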