On Mon, Jan 12, 2009 at 09:19:02AM +0000, Miloslav Trmač wrote:
> Hello,
> here's a version of the patch updated to apply against current CVS.

I've realized there's a slight problem with our idea to add a simple

  <backingStore>/some/path</backingStore>

element to the volume '<target>' section. Specifically, when creating
a new image it is desirable to explicitly specify the format of the
backing store. Without this, QEMU will probe backing store format
and this opens a security problem - if the backing store was a raw
file, the guest could have written data into it, such that QEMU will
mis-probe it as QCow, and thus potentially be able to
abuse it to read any file on the host.

I thus think it is better to have the backing store info outside
the target block, as a top level item, allowing the exact same
child elements as 'target' does. As an example, a QCow2 image
with a raw backing store would appear as:

  <volume>
    <name>OtherDemo.img</name>
    <key>/var/lib/libvirt/images/OtherDemo.img</key>
    <source>
    </source>
    <capacity>5242880000</capacity>
    <allocation>294912</allocation>
    <target>
      <path>/var/lib/libvirt/images/OtherDemo.img</path>
      <format type='qcow2'/>
      <permissions>
        <mode>0644</mode>
        <owner>0</owner>
        <group>0</group>
        <label>unconfined_u:object_r:virt_image_t:s0</label>
      </permissions>
    </target>
    <backingStore>
      <path>/var/lib/libvirt/images/XennerDemo.img</path>
      <format type='raw'/>
      <permissions>
        <mode>0444</mode>
        <owner>0</owner>
        <group>0</group>
        <label>system_u:object_r:virt_image_t:s0</label>
      </permissions>
    </backingStore>
  </volume>

I've updated your patch to work in this way and am in the process
of making it support LVM based COW/snapshotting too. I'll post
a complete patch with all this in soon.

Daniel
-- 
|: Red Hat, Engineering, London   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
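
An added example, not part of the original message and not libvirt code: a small audit over volume XML in the layout proposed above. It flags a backing store with no explicit format, and one not declared as QCow whose first bytes carry the QCow magic and would therefore win a format probe. The function name, finding names and the injectable `read_head` reader are hypothetical; the sample XML and file contents are constructed.

```python
import xml.etree.ElementTree as ET

QCOW_MAGIC = b"QFI\xfb"          # first four bytes of QCow and QCow2 images
QCOW_FORMATS = {"qcow", "qcow2"}


def read_head_from_disk(path, size=4):
    """Default reader: first bytes of the backing file on the host."""
    with open(path, "rb") as fh:
        return fh.read(size)


def audit_backing_store(volume_xml, read_head=read_head_from_disk):
    """Return (finding, path) tuples for one <volume> document."""
    backing = ET.fromstring(volume_xml).find("backingStore")
    if backing is None:
        return []                              # nothing for QEMU to probe
    path = backing.findtext("path")
    if not path:
        return [("backing-path-missing", None)]
    fmt = backing.find("format")
    declared = fmt.get("type") if fmt is not None else None
    findings = []
    if declared is None:
        # Without <format>, the format would be probed from file content.
        findings.append(("format-not-declared", path))
    # Guest-written content that a probe would identify as QCow.
    if declared not in QCOW_FORMATS and read_head(path).startswith(QCOW_MAGIC):
        findings.append(("non-qcow-starts-with-qcow-magic", path))
    return findings


# Constructed sample, modelled on the layout in the message above.
SAMPLE = """<volume>
  <name>OtherDemo.img</name>
  <target><path>/var/lib/libvirt/images/OtherDemo.img</path>
    <format type='qcow2'/></target>
  <backingStore><path>/var/lib/libvirt/images/XennerDemo.img</path>
    {fmt}</backingStore>
</volume>"""

if __name__ == "__main__":
    zeros = lambda p: b"\x00" * 4              # constructed raw content
    print(audit_backing_store(SAMPLE.format(fmt="<format type='raw'/>"), zeros))
    print(audit_backing_store(SAMPLE.format(fmt=""), zeros))
```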