The following patches implement overwriting a volume with zeros when the volume is deleted. The zeroing happens before the delete, so it works for storage backends that don't support actually deleting volumes as well as the ones that do. The intent is that any future VM assigned that volume will not be able to recover any data belonging to the previous VM. It is not intended to prevent attackers with physical access to the medium from recovering data--it simply writes a single pass of zeros over the medium. If the filesystem containing the volume supports the fiemap ioctl and the volume is a sparse file, the volume zeroing code attempts to use fiemap to locate the mapped extents. It does not attempt to zero a sparse file if it cannot use fiemap. Such an operation could take an essentially unbounded amount of time. Since the volume is being deleted, zeroing has less value in the context of backends that support delete, but does provide value with storage backends that do not zero volumes if they are deleted and recreated. Dave -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list