On 26.07.2011 16:00, Eric Blake wrote:
> On 07/26/2011 06:51 AM, Corey Bryant wrote:
>> There are some additional features provided by certain image types
>> where Qemu reopens the image file. All of these scenarios will be
>> unsupported for the fd: protocol, at least for this patch:
>>
>> - The -snapshot command line option
>> - The savevm monitor command
>> - The snapshot_blkdev monitor command
>> - Use of copy-on-write image files
>> - The -cdrom command line option
>> - The -drive command line option with media=cdrom
>> - The change monitor command
>>
>> The thought is that this support can be added in the future, but is
>> not required for the initial fd: support.
>
> Libvirt will eventually need support for fd passing on savevm,
> snapshot_blkdev, and change monitor commands, as well as for -cdrom,
> before this feature can be used to provide the desired security
> enhancements. I agree that for an incremental patch, you don't have to
> solve all points at once, but until all places have been modified to
> support fd usage, you aren't gaining any security, except for severely
> constrained guests.
>
> Furthermore, how do you plan to map fd: to filename? There's already
> been big threads on why snapshot_blkdev needs both the new fd: and the
> name of the old backing file at the same time, so that qemu can write
> the correct headers into new qcow2 files.

That's a problem to solve in snapshot_blkdev, not in -drive. In general
qemu doesn't need and shouldn't know the file name if it's meant to use
an fd.

Kevin

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list