On 07.03.2016 10:21, Martin Pitt wrote: > However, there's still one major issue left: Despite the > "readonly=on", one can actually mount /dev/vdb1 in the VM and write > files into it! This sounds like a QEMU bug (running > 1:2.5+dfsg-5ubuntu4 here), but as long as that exists this is > dangerous as this alters your pristine base images. I already tried to > add the "readonly=on" to the "device_add", but that's just an "unknown > property". Unfortunately this stuff isn't documented very well..
So I just tried this on an Ubuntu Wily box, both with the QEMU from
Wily and with the QEMU from Xenial (only upgraded QEMU + deps, didn't
upgrade the entire OS) - and I really cannot reproduce this.
Host kernel: 4.2.0-30-generic
QEMU: 1:2.3+dfsg-5ubuntu9.2 and 1:2.5+dfsg-5ubuntu4
Image: adt-sid.img as generated per adt-virt-qemu(1) manpage
instructions with vmdebootstrap (exactly, no changes!)
Tried both writable to user executing QEMU and not
writable to user executing QEMU.
My Debian machine with which I tried that earlier had:
Host kernel: 4.4.2-3 (from sid)
QEMU: 1:2.5+dfsg-4~bpo8+1
Image: see above
I consistently get (via adt-run --shell, autopkgtest git master, no
changes) in _any_ of these setups:
mount: /dev/vdb1 is write-protected, mounting read-only
(Now I haven't tried the newest kernel on the Ubuntu side, but I'd
_really_ be surprised if that changed anything - especially since
I did try with a recent kernel on Debian with basically the same
QEMU version.)
Regards,
Christian
signature.asc
Description: OpenPGP digital signature
