On Tue, Feb 16, 2010 at 01:31:58PM +0100, Paolo Bonzini wrote: > On 02/16/2010 12:33 PM, Daniel P. Berrange wrote: > >The idea of zeroing upon delete, is that we want the currently allocated > >extents to be overwritten with zeros. If we truncate to 0 size, then > >extend to original size I imagine that would easily allow the filesystem > >to give you a new set of extents filled with zeros, leaving the old > >extents with data intact as unused space on the FS. > > Yeah, as long as you use regular files as images you're safe, but you'd > expose the old data if you destroyed the partition on which the file > resided and used the partition as storage for a new guest. > > But then in this scenario (delete file system partition and give it out > as raw) you could expose information not only about other/old guests, > but also about the host. So for partitions it can be even more > important to provide an option to zero the partition _before_ giving it > out. Currently you cannot do that with libvirt. There is an unused 'flags' parameter in virStorageVolCreate(), where we could/should add a VIR_STORAGE_VOL_CREATE_ZEROED parameter too for that scenario ANother option would be to add an explicit virStorageVolZero() API to allow a volume to be wiped independently of create/delete operations. Regards, Daniel -- |: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :| |: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :| -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list