[RFC PATCH 0/4] qemu: Forbid NBD migration with TLS

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Currently we can't use TLS for NBD so allowing it if TLS is requested
creates a security problem. Reject it by refusing to migrate disks and
setup TLS on destination since that is easy enough.

Note: That I've did not test this yet since my TLS setup was broken.
I'll fix it later today and reprot the findings.

Peter Krempa (4):
  qemu: caps: Add capability for TLS transport in the NBD server
  qemu: monitor: Add 'tls-creds' parameter to 'nbd-server-start' command
  qemu: migration: Use TLS environment for NBD server if requested
  qemu: migration: Forbid 'nbd' migration of non-shared storage if TLS
    is requested

 src/qemu/qemu_capabilities.c                       |  2 ++
 src/qemu/qemu_capabilities.h                       |  1 +
 src/qemu/qemu_migration.c                          | 28 +++++++++++++++++++---
 src/qemu/qemu_monitor.c                            |  7 +++---
 src/qemu/qemu_monitor.h                            |  3 ++-
 src/qemu/qemu_monitor_json.c                       |  4 +++-
 src/qemu/qemu_monitor_json.h                       |  3 ++-
 tests/qemucapabilitiesdata/caps_2.10.0.aarch64.xml |  1 +
 tests/qemucapabilitiesdata/caps_2.10.0.ppc64.xml   |  1 +
 tests/qemucapabilitiesdata/caps_2.10.0.s390x.xml   |  1 +
 tests/qemucapabilitiesdata/caps_2.10.0.x86_64.xml  |  1 +
 tests/qemucapabilitiesdata/caps_2.11.0.s390x.xml   |  1 +
 tests/qemucapabilitiesdata/caps_2.12.0.aarch64.xml |  1 +
 tests/qemucapabilitiesdata/caps_2.12.0.ppc64.xml   |  1 +
 tests/qemucapabilitiesdata/caps_2.12.0.s390x.xml   |  1 +
 tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml  |  1 +
 tests/qemucapabilitiesdata/caps_2.6.0.aarch64.xml  |  1 +
 tests/qemucapabilitiesdata/caps_2.6.0.ppc64.xml    |  1 +
 tests/qemucapabilitiesdata/caps_2.6.0.x86_64.xml   |  1 +
 tests/qemucapabilitiesdata/caps_2.7.0.s390x.xml    |  1 +
 tests/qemucapabilitiesdata/caps_2.7.0.x86_64.xml   |  1 +
 tests/qemucapabilitiesdata/caps_2.8.0.s390x.xml    |  1 +
 tests/qemucapabilitiesdata/caps_2.8.0.x86_64.xml   |  1 +
 tests/qemucapabilitiesdata/caps_2.9.0.ppc64.xml    |  1 +
 tests/qemucapabilitiesdata/caps_2.9.0.s390x.xml    |  1 +
 tests/qemucapabilitiesdata/caps_2.9.0.x86_64.xml   |  1 +
 tests/qemumonitorjsontest.c                        |  2 +-
 27 files changed, 59 insertions(+), 10 deletions(-)

-- 
2.16.2

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list



[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux