Re: [libvirt] [RFC PATCH 4/4] qemu: migration: Forbid 'nbd' migration of non-shared storage if TLS is requested
On Thu, Apr 26, 2018 at 04:51:49PM +0200, Peter Krempa wrote:
Since libvirt is currently not able to setup the NBD migration
stream
secured by TLS we should not allow such migration since data would be
transferred unencrypted.
This will break compatibility of TLS migration if non-shared storage is
requested but the security implications are more severe.
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
---
src/qemu/qemu_migration.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c
index 3b5ba4f0a1..24ef819738 100644
--- a/src/qemu/qemu_migration.c
+++ b/src/qemu/qemu_migration.c
@@ -3352,6 +3352,15 @@ qemuMigrationSrcRun(virQEMUDriverPtr driver,
if (migrate_flags & (QEMU_MONITOR_MIGRATE_NON_SHARED_DISK |
QEMU_MONITOR_MIGRATE_NON_SHARED_INC)) {
if (mig->nbd) {
+ /* Currently libvirt does not support setting up of the NBD
+ * non-shared storage migration with TLS. As we need to honour the
+ * VIR_MIGRATE_TLS flag, we need to reject such migration. */
You might want to reword the last sentence to be explicitly clear that:
"... reject such migration until TLS for NBD streams is implemented."
Or something like that. Your choice.
From what I understand, what you are saying is -- today if one sets
VIR_MIGRATE_TLS flag, then libvirt will use TLS for the migration stream
but not for the NBD stream via which non-shared disks will be migrated.
You are fixing that inconsistency.
+ if (flags & VIR_MIGRATE_TLS) {
+ virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
+ _("NBD migration with TLS is not supported"));
+ goto error;
+ }
+
/* This will update migrate_flags on success */
if (qemuMigrationSrcDriveMirror(driver, vm, mig,
spec->dest.host.name,
--
2.16.2
--
libvir-list mailing list
libvir-list(a)redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
--
/kashyap