Re: [libvirt] [PATCH 00/30] storagefile, security: qcow2 data_file support

Hello Cole, one issue is found: The qcow2 data file XTTRs is not cleaned on external snapshot when -blockdev is not enabled Versions: libvirt v5.8.0-134-g9d03e9adf1 qemu-kvm-4.1.0-13.module+el8.1.0+4313+ef76ec61.x86_64 Steps: 1. Convert a OS image to qcow2&qcow2 data file: # qemu-img convert -O qcow2 -o data_file=/var/lib/libvirt/images/pc-data.raw,data_file_raw=on /var/lib/libvirt/images/pc.qcow2 /var/lib/libvirt/images/pc-data.qcow2 2. Build and start libvirt source, start libvirt daemon: # make clean && CC=/usr/lib64/ccache/cc ./autogen.sh&&./configure --without-libssh --build=x86_64-redhat-linux-gnu --host=x86_64-redhat-linux-gnu --program-prefix= --disable-dependency-tracking --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share --includedir=/usr/include --libdir=/usr/lib64 --libexecdir=/usr/libexec --localstatedir=/var --sharedstatedir=/var/lib --mandir=/usr/share/man --infodir=/usr/share/info --with-qemu --without-openvz --without-lxc --without-vbox --without-libxl --with-sasl --with-polkit --with-libvirtd --without-phyp --with-esx --without-hyperv --without-vmware --without-xenapi --without-vz --without-bhyve --with-interface --with-network --with-storage-fs --with-storage-lvm --with-storage-iscsi --with-storage-iscsi-direct --with-storage-scsi --with-storage-disk --with-storage-mpath --with-storage-rbd --without-storage-sheepdog --with-storage-gluster --without-storage-zfs --without-storage-vstorage --with-numactl --with-numad --with-capng --without-fuse --with-netcf --with-selinux --with-selinux-mount=/sys/fs/selinux --without-apparmor --without-hal --with-udev --with-yajl --with-sanlock --with-libpcap --with-macvtap --with-audit --with-dtrace --with-driver-modules --with-firewalld --with-firewalld-zone --without-wireshark-dissector --without-pm-utils --with-nss-plugin '--with-packager=Unknown, 2019-08-19-12:13:01, lab.rhel8.me <http://lab.rhel8.me>' --with-packager-version=1.el8 --with-qemu-user=qemu --with-qemu-group=qemu --with-tls-priority=@LIBVIRT,SYSTEM --enable-werror --enable-expensive-tests --with-init-script=systemd --without-login-shell && make -j8 # LD_PRELOAD="$(find src -name '*.so.*'|tr '\n' ' ')" src/.libs/virtlogd # LD_PRELOAD="$(find src -name '*.so.*'|tr '\n' ' ')" LIBVIRT_DEBUG=3 LIBVIRT_LOG_FILTERS="1:util 1:qemu 1:security" LIBVIRT_LOG_OUTPUTS="1:file:/tmp/libvirt_daemon.log" src/.libs/libvirtd 3. Define and start an VM with the qcow2&qcow2 data file. Note that the -blockdev is not enabled # virsh define pc-data.xml # virsh start pc-data 4. Create snapshot and check the data file XATTRs: # virsh snapshot-create-as pc-data s1 --no-metadata --disk-only # getfattr -m - -d /var/lib/libvirt/images/pc-data.raw getfattr: Removing leading '/' from absolute path names # file: var/lib/libvirt/images/pc-data.raw security.selinux="unconfined_u:object_r:svirt_image_t:s0:c775,c1011" trusted.libvirt.security.dac="+107:+107" trusted.libvirt.security.ref_dac="1" trusted.libvirt.security.ref_selinux="1" trusted.libvirt.security.selinux="unconfined_u:object_r:svirt_image_t:s0:c284,c367" trusted.libvirt.security.timestamp_dac="1563328069" trusted.libvirt.security.timestamp_selinux="1563328069" Shutdown the VM. The XATTRs of data file is not changed. It is not expected. The XTTRs should not contain *.libvirt.* Issue is not reproduced with -blockdev enabled: <domain type='kvm' xmlns:qemu='http://libvirt.org/schemas/domain/qemu/1.0'> ...   <qemu:capabilities>     <qemu:add capability='blockdev'/>     <qemu:del capability='drive'/>   </qemu:capabilities> </domain> See the libvirt daemon log and vm xml in attachment.