On 10/30/2014 02:32 PM, Serge Hallyn wrote:
> Hi,
>
> I'm looking into why virt-aa-helper isn't adding allow rules for
> backing stores nested deeper than 1.  So if I do
>
> qemu-img create -f qcow2 l1.img 10G
> qemu-img create -f qcow2 -b l1.img l2.img

Oops, you forgot the backing format.  Without that, libvirt is forced to
treat the backing file as raw unless you tweak qemu.conf to allow format
probing (which then exposes you to a CVE if probing ever goes wrong).

Please add -o backing_fmt={qcow2,raw} as appropriate to each qemu-img
create, then try again.

>
> and virStorageFileGetMetadata in turn calls virStorageFileGetMetadataRecurse().
> So it seems like l3.img *should* be getting hit in virDomainDiskDefForeachPath,
> but it's not.  Am I misunderstanding something in how these helpers should be
> used?

You are missing the fact that we refuse to probe a backing file for
format, and instead treat it as raw (even if that treatment is wrong),
unless explicitly configured to be less safe.

-- 
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
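The reply above turns on whether each image in a chain records its backing format in its own header. The following Python sketch is an added example, not part of the original message and not libvirt's code: it reads the qcow2 header and its "backing file format name" extension (type 0xE2792ACA) and flags images that name a backing file without a format. The function names are hypothetical, and `make_header` only builds constructed sample headers so the block runs offline.

```python
import struct

QCOW2_MAGIC = b"QFI\xfb"
EXT_END = 0x00000000
EXT_BACKING_FMT = 0xE2792ACA  # qcow2 "backing file format name" extension

def backing_info(head: bytes):
    """Parse the start of a qcow2 image (pass its first 64 KiB).
    Returns (backing_file, backing_fmt); each is None if not recorded."""
    if len(head) < 72 or head[:4] != QCOW2_MAGIC:
        raise ValueError("not a qcow2 image")
    version, bf_off, bf_len = struct.unpack_from(">IQI", head, 4)
    if version == 2:
        hdr_len = 72                      # fixed-size v2 header
    elif version == 3 and len(head) >= 104:
        hdr_len = struct.unpack_from(">I", head, 100)[0]
    else:
        raise ValueError("unsupported or truncated qcow2 header")
    backing = None
    if bf_off:
        if bf_off + bf_len > len(head):
            raise ValueError("backing file name outside supplied bytes")
        backing = head[bf_off:bf_off + bf_len].decode("utf-8", "replace")
    # Extensions run from the end of the header up to the backing file name.
    pos, end, fmt = hdr_len, (bf_off or len(head)), None
    while pos + 8 <= end:
        ext_type, ext_len = struct.unpack_from(">II", head, pos)
        pos += 8
        if ext_type == EXT_END:
            break
        if pos + ext_len > end:
            raise ValueError("header extension overruns its area")
        if ext_type == EXT_BACKING_FMT:
            fmt = head[pos:pos + ext_len].decode("ascii", "replace")
        pos += (ext_len + 7) & ~7         # data is padded to 8 bytes
    return backing, fmt

def missing_backing_fmt(head: bytes) -> bool:
    """True when a backing file is named but its format is not recorded."""
    backing, fmt = backing_info(head)
    return bool(backing) and fmt is None

def make_header(backing: str, fmt: str = "") -> bytes:
    """Constructed sample: a minimal v3 header, not a usable image."""
    f, name = fmt.encode(), backing.encode()
    ext = struct.pack(">II", EXT_BACKING_FMT, len(f)) + f.ljust((len(f) + 7) & ~7, b"\0") if f else b""
    ext += struct.pack(">II", EXT_END, 0)
    fixed = struct.pack(">4sIQI", QCOW2_MAGIC, 3, 104 + len(ext), len(name))
    return fixed.ljust(100, b"\0") + struct.pack(">I", 104) + ext + name
```

On a real image, pass the bytes from `open(path, "rb").read(65536)` for every file in the chain; any image for which `missing_backing_fmt` returns True needs to be recreated or rebased with an explicit backing format.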