Re: virStorageFileGetMetadata bug?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Quoting Eric Blake (eblake@xxxxxxxxxx):
> On 10/30/2014 02:32 PM, Serge Hallyn wrote:
> > Hi,
> > 
> > I'm looking into why virt-aa-helper isn't adding allow rules for
> > backing stores nested deeper than 1.  So if I do
> > 
> > qemu-img create -f qcow2 l1.img 10G
> > qemu-img create -f qcow2 -b l1.img l2.img
> 
> Oops, you forgot the backing format.  Without that, libvirt is forced to
> treat the backing file as raw unless you tweak qemu.conf to allow format
> probing (which then exposes you to a CVE if probing ever goes wrong).
> 
> Please add -o backing_fmt={qcow2,raw} as appropriate to each qemu-img
> create, then try again.

Jinkeys, yup, that fixes it - thanks!

> > and virStorageFileGetMetadata in turn calls virStorageFileGetMetadataRecurse().
> > So it seems like l3.img *should* be geting hit in virDomainDiskDefForeachPath,
> > but it's not.  Am I misunderstanding something in how these helpers should be
> > used?
> 
> You are missing the fact that we refuse to probe a backing file for
> format, and instead treat it as raw (even if that treatment is wrong),
> unless explicitly configured to be less safe.

Sounds like the safe thing to do.

thanks,
-serge

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list




[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]