On Fri, Jul 22, 2011 at 11:11 AM, Kevin Wolf wrote:
> On 22.07.2011 09:36, Avi Kivity wrote:
>> On 07/20/2011 04:51 PM, Kevin Wolf wrote:
The problem is that QEMU will find backing file file names inside the
images which it will be unable to open. How do you suggest we get aroun
On Fri, Jul 22, 2011 at 12:11 PM, Stefan Hajnoczi wrote:
> On Fri, Jul 22, 2011 at 8:22 AM, Kevin Wolf wrote:
>> On 21.07.2011 17:01, Stefan Hajnoczi wrote:
>>> On Thu, Jul 21, 2011 at 3:02 PM, Eric Blake wrote:
Thank you for persisting - you've found another hole that needs to be
pl
On Fri, Jul 22, 2011 at 8:06 AM, Stefan Hajnoczi wrote:
> On Thu, Jul 21, 2011 at 8:42 PM, Blue Swirl wrote:
>> On Thu, Jul 21, 2011 at 6:01 PM, Stefan Hajnoczi wrote:
>>> On Thu, Jul 21, 2011 at 3:02 PM, Eric Blake wrote:
Thank you for persisting - you've found another hole that needs to
On Fri, Jul 22, 2011 at 8:22 AM, Kevin Wolf wrote:
> On 21.07.2011 17:01, Stefan Hajnoczi wrote:
>> On Thu, Jul 21, 2011 at 3:02 PM, Eric Blake wrote:
>>> Thank you for persisting - you've found another hole that needs to be
>>> plugged. It sounds like you are proposing that after a qemu proce
On 22.07.2011 09:36, Avi Kivity wrote:
> On 07/20/2011 04:51 PM, Kevin Wolf wrote:
>>>
>>> The problem is that QEMU will find backing file file names inside the
>>> images which it will be unable to open. How do you suggest we get around
>>> that?
>>
>> This is the part with allowing libvirt t
On 07/20/2011 04:51 PM, Kevin Wolf wrote:
>
> The problem is that QEMU will find backing file file names inside the
> images which it will be unable to open. How do you suggest we get around
> that?
This is the part with allowing libvirt to override the backing file. Of
course, this is not so
On 21.07.2011 17:01, Stefan Hajnoczi wrote:
> On Thu, Jul 21, 2011 at 3:02 PM, Eric Blake wrote:
>> Thank you for persisting - you've found another hole that needs to be
>> plugged. It sounds like you are proposing that after a qemu process dies,
>> that libvirt re-reads the qcow2 metadata head
On Thu, Jul 21, 2011 at 8:42 PM, Blue Swirl wrote:
> On Thu, Jul 21, 2011 at 6:01 PM, Stefan Hajnoczi wrote:
>> On Thu, Jul 21, 2011 at 3:02 PM, Eric Blake wrote:
>>> Thank you for persisting - you've found another hole that needs to be
>>> plugged. It sounds like you are proposing that after a
On Thu, Jul 21, 2011 at 6:01 PM, Stefan Hajnoczi wrote:
> On Thu, Jul 21, 2011 at 3:02 PM, Eric Blake wrote:
>> Thank you for persisting - you've found another hole that needs to be
>> plugged. It sounds like you are proposing that after a qemu process dies,
>> that libvirt re-reads the qcow2 me
On Thu, Jul 21, 2011 at 11:07 AM, Jes Sorensen wrote:
> On 07/20/11 21:51, Blue Swirl wrote:
>>> And the snapshot_blkdev monitor command is a case where qemu needs to create
>>> > a new qcow2 image on the fly, while referencing the name of an existing
>>> > file. What backing name do you put in t
On Thu, Jul 21, 2011 at 11:25 AM, Kevin Wolf wrote:
> On 20.07.2011 19:20, Blue Swirl wrote:
>> On Wed, Jul 20, 2011 at 4:51 PM, Kevin Wolf wrote:
>>> On 20.07.2011 15:25, Jes Sorensen wrote:
On 07/20/11 12:01, Kevin Wolf wrote:
>>> Right, we're stuck with the two horrors of NFS and s
On 07/19/2011 11:47 AM, Daniel P. Berrange wrote:
On Tue, Jul 19, 2011 at 04:30:19PM +0200, Jes Sorensen wrote:
On 07/19/11 16:24, Eric Blake wrote:
[adding the libvir-list]
On 07/19/2011 08:09 AM, Jes Sorensen wrote:
Urgh, libvirt parsing image files is really unfortunate, it really
doesn't g
On Thu, Jul 21, 2011 at 3:02 PM, Eric Blake wrote:
> Thank you for persisting - you've found another hole that needs to be
> plugged. It sounds like you are proposing that after a qemu process dies,
> that libvirt re-reads the qcow2 metadata headers, and validates that the
> backing file informat
On Wed, Jul 20, 2011 at 8:41 PM, Eric Blake wrote:
> On 07/20/2011 11:20 AM, Blue Swirl wrote:
>>
>> There could still be some issues:
>> Let's have files A, B, C etc. with backing files AA etc. How would
>> libvirt know that when QEMU wants to write to file CA, this is because
>> it's needed to a
On Wed, Jul 20, 2011 at 4:51 PM, Kevin Wolf wrote:
> On 20.07.2011 15:25, Jes Sorensen wrote:
>> On 07/20/11 12:01, Kevin Wolf wrote:
> Right, we're stuck with the two horrors of NFS and selinux, so we need
> something that gets around the problem. In a sane world we would simply
> sa
On 07/20/2011 12:00 PM, Blue Swirl wrote:
Let's have files A, B, C etc. with backing files AA etc. How would
libvirt know that when QEMU wants to write to file CA, this is because
it's needed to access C, or is it just trickery by a devious guest to
corrupt storage?
The fix for CVE-2010-2238 al
On 07/20/2011 02:01 PM, Blue Swirl wrote:
Either because CA was mentioned as a backing file for C (in which case
libvirt already knows about it, because either libvirt handed C to qemu at
startup time after already parsing C's headers to learn that CA is a backing
file, or because libvirt called
On Wed, Jul 20, 2011 at 9:17 PM, Eric Blake wrote:
> On 07/20/2011 12:00 PM, Blue Swirl wrote:
Let's have files A, B, C etc. with backing files AA etc. How would
libvirt know that when QEMU wants to write to file CA, this is because
it's needed to access C, or is it just tricke
On Wed, Jul 20, 2011 at 8:47 PM, Eric Blake wrote:
> On 07/20/2011 11:27 AM, Blue Swirl wrote:
>>>
>>> We've already told you - qemu must have a way to be passed fds which are
>>> associated with names, and when a file refers to another backing file by
>>> name, then qemu falls back on its fd/name
On 07/20/2011 11:20 AM, Blue Swirl wrote:
There could still be some issues:
Let's have files A, B, C etc. with backing files AA etc. How would
libvirt know that when QEMU wants to write to file CA, this is because
it's needed to access C, or is it just trickery by a devious guest to
corrupt stora
On 07/20/2011 10:34 AM, Anthony Liguori wrote:
On 07/20/2011 08:50 AM, Cleber Rosa wrote:
Just as a reminder: with DAC, if a guest is compromised and somehow
escalates to QEMU, it could disable its isolation (ie, by setting their
own image files world readable). I guess we shouldn't try to fix t
On Wed, Jul 20, 2011 at 4:46 PM, Eric Blake wrote:
> On 07/20/2011 07:25 AM, Jes Sorensen wrote:
>>>
>>> I think if libvirt wants qemu to use an fd instead of a file name, it
>>> shouldn't pass a file name but an fd in the first place. Which means
>>> that the two that we need are support for an f
On 07/20/2011 11:27 AM, Blue Swirl wrote:
We've already told you - qemu must have a way to be passed fds which are
associated with names, and when a file refers to another backing file by
name, then qemu falls back on its fd/name mapping to use the already-passed
fd instead. Which implies that s
On 07/19/2011 11:47 AM, Daniel P. Berrange wrote:
This would be possible if QEMU were to provide a libblockformat.so library
which allowed apps to extract metadata from file formats using a stable
API.
I'm in 100% agreement that we need to provide the equivalent of a
libblockformat.so down the road
On 07/20/2011 07:25 AM, Jes Sorensen wrote:
I think if libvirt wants qemu to use an fd instead of a file name, it
shouldn't pass a file name but an fd in the first place. Which means
that the two that we need are support for an fd: protocol (patches on
the list, need review), and a way for libvir
On 07/20/2011 08:50 AM, Cleber Rosa wrote:
Just as a reminder: with DAC, if a guest is compromised and somehow
escalates to QEMU, it could disable its isolation (ie, by setting their
own image files world readable). I guess we shouldn't try to fix the DAC
model, but fix what's preventing us from
On 20.07.2011 15:25, Jes Sorensen wrote:
> On 07/20/11 12:01, Kevin Wolf wrote:
Right, we're stuck with the two horrors of NFS and selinux, so we need
something that gets around the problem. In a sane world we would simply
say 'no NFS, no selinux', but as you say that will never hap
On 07/20/11 12:01, Kevin Wolf wrote:
>> > Right, we're stuck with the two horrors of NFS and selinux, so we need
>> > something that gets around the problem. In a sane world we would simply
>> > say 'no NFS, no selinux', but as you say that will never happen.
>> >
>> > My suggestion of a callback m
On 07/19/2011 12:14 PM, Anthony Liguori wrote:
On 07/19/2011 09:30 AM, Jes Sorensen wrote:
On 07/19/11 16:24, Eric Blake wrote:
[adding the libvir-list]
On 07/19/2011 08:09 AM, Jes Sorensen wrote:
Urgh, libvirt parsing image files is really unfortunate, it really
doesn't give me warm fuzzy fee
On 20.07.2011 10:25, Jes Sorensen wrote:
> On 07/19/11 18:14, Anthony Liguori wrote:
As nice as that sentiment is, it will never fly, because it would be a
regression in current behavior. The whole reason that the virt_use_nfs
SELinux bool exists is that some people are willing to
On Wed, Jul 20, 2011 at 11:50:53AM +0200, Kevin Wolf wrote:
> On 19.07.2011 18:46, Daniel P. Berrange wrote:
> > On Tue, Jul 19, 2011 at 04:14:27PM +0100, Stefan Hajnoczi wrote:
> >> On Tue, Jul 19, 2011 at 3:30 PM, Jes Sorensen
> >> wrote:
> >>> On 07/19/11 16:24, Eric Blake wrote:
> [add
On 19.07.2011 18:46, Daniel P. Berrange wrote:
> On Tue, Jul 19, 2011 at 04:14:27PM +0100, Stefan Hajnoczi wrote:
>> On Tue, Jul 19, 2011 at 3:30 PM, Jes Sorensen
>> wrote:
>>> On 07/19/11 16:24, Eric Blake wrote:
[adding the libvir-list]
On 07/19/2011 08:09 AM, Jes Sorensen wrote:
>>
On Wed, Jul 20, 2011 at 10:23:12AM +0200, Jes Sorensen wrote:
> On 07/19/11 18:46, Daniel P. Berrange wrote:
> > On Tue, Jul 19, 2011 at 04:14:27PM +0100, Stefan Hajnoczi wrote:
> >> For fd-passing perhaps we have an opportunity to use a callback
> >> mechanism (QEMU request: filename -> libvirt re
On Wed, Jul 20, 2011 at 10:26:49AM +0200, Jes Sorensen wrote:
> On 07/19/11 18:47, Daniel P. Berrange wrote:
> > On Tue, Jul 19, 2011 at 04:30:19PM +0200, Jes Sorensen wrote:
> >> On 07/19/11 16:24, Eric Blake wrote:
> >>> Besides, I feel that having a well-documented file format, so that
> >>> ind
On 07/19/11 18:47, Daniel P. Berrange wrote:
> On Tue, Jul 19, 2011 at 04:30:19PM +0200, Jes Sorensen wrote:
>> On 07/19/11 16:24, Eric Blake wrote:
>>> Besides, I feel that having a well-documented file format, so that
>>> independent applications can both parse the same file with the same
>>> sem
On 07/19/11 18:14, Anthony Liguori wrote:
>>> As nice as that sentiment is, it will never fly, because it would be a
>>> regression in current behavior. The whole reason that the virt_use_nfs
>>> SELinux bool exists is that some people are willing to make the partial
>>> security tradeoff. Beside
On 07/19/11 18:46, Daniel P. Berrange wrote:
> On Tue, Jul 19, 2011 at 04:14:27PM +0100, Stefan Hajnoczi wrote:
>> For fd-passing perhaps we have an opportunity to use a callback
>> mechanism (QEMU request: filename -> libvirt response: fd) and do all
>> the image format parsing in QEMU.
>
> The r
"Daniel P. Berrange" writes:
> On Tue, Jul 19, 2011 at 04:14:27PM +0100, Stefan Hajnoczi wrote:
>> On Tue, Jul 19, 2011 at 3:30 PM, Jes Sorensen
>> wrote:
>> > On 07/19/11 16:24, Eric Blake wrote:
>> >> [adding the libvir-list]
>> >> On 07/19/2011 08:09 AM, Jes Sorensen wrote:
>> >>> Urgh, libv
On Tue, Jul 19, 2011 at 04:30:19PM +0200, Jes Sorensen wrote:
> On 07/19/11 16:24, Eric Blake wrote:
> > [adding the libvir-list]
> > On 07/19/2011 08:09 AM, Jes Sorensen wrote:
> >> Urgh, libvirt parsing image files is really unfortunate, it really
> >> doesn't give me warm fuzzy feelings :( libvi
On Tue, Jul 19, 2011 at 04:14:27PM +0100, Stefan Hajnoczi wrote:
> On Tue, Jul 19, 2011 at 3:30 PM, Jes Sorensen wrote:
> > On 07/19/11 16:24, Eric Blake wrote:
> >> [adding the libvir-list]
> >> On 07/19/2011 08:09 AM, Jes Sorensen wrote:
> >>> Urgh, libvirt parsing image files is really unfortun
On 07/19/2011 09:30 AM, Jes Sorensen wrote:
On 07/19/11 16:24, Eric Blake wrote:
[adding the libvir-list]
On 07/19/2011 08:09 AM, Jes Sorensen wrote:
Urgh, libvirt parsing image files is really unfortunate, it really
doesn't give me warm fuzzy feelings :( libvirt really should not know
about in
On Tue, Jul 19, 2011 at 3:30 PM, Jes Sorensen wrote:
> On 07/19/11 16:24, Eric Blake wrote:
>> [adding the libvir-list]
>> On 07/19/2011 08:09 AM, Jes Sorensen wrote:
>>> Urgh, libvirt parsing image files is really unfortunate, it really
>>> doesn't give me warm fuzzy feelings :( libvirt really sh
[adding the libvir-list]
On 07/19/2011 08:09 AM, Jes Sorensen wrote:
On 07/19/11 15:58, Eric Blake wrote:
On 07/19/2011 07:27 AM, Jes Sorensen wrote:
Eric, what happens if libvirt in an selinux environment tells QEMU to
launch using an image file that is backed by backing file(s)?
Before sta
On 07/19/11 16:24, Eric Blake wrote:
> [adding the libvir-list]
> On 07/19/2011 08:09 AM, Jes Sorensen wrote:
>> Urgh, libvirt parsing image files is really unfortunate, it really
>> doesn't give me warm fuzzy feelings :( libvirt really should not know
>> about internals of image formats.
>
> But
On 07/19/11 15:58, Eric Blake wrote:
> On 07/19/2011 07:27 AM, Jes Sorensen wrote:
>> Eric, what happens if libvirt in an selinux environment tells QEMU to
>> launch using an image file that is backed by backing file(s)?
>
> Before starting qemu, libvirt first parses all the image files, to see
>
On 07/19/2011 07:27 AM, Jes Sorensen wrote:
On 07/19/11 15:23, Stefan Hajnoczi wrote:
On Tue, Jul 19, 2011 at 8:24 AM, Jes Sorensen wrote:
On 07/18/11 16:08, Stefan Hajnoczi wrote:
On Fri, Jul 15, 2011 at 3:58 PM, Jes Sorensen wrote:
I have been updating the live snapshot wiki for qemu to t
On 07/19/11 15:23, Stefan Hajnoczi wrote:
> On Tue, Jul 19, 2011 at 8:24 AM, Jes Sorensen wrote:
>> On 07/18/11 16:08, Stefan Hajnoczi wrote:
>>> On Fri, Jul 15, 2011 at 3:58 PM, Jes Sorensen
>>> wrote:
I have been updating the live snapshot wiki for qemu to try and cover
the commands
On Tue, Jul 19, 2011 at 8:24 AM, Jes Sorensen wrote:
> On 07/18/11 16:08, Stefan Hajnoczi wrote:
>> On Fri, Jul 15, 2011 at 3:58 PM, Jes Sorensen
>> wrote:
>>> I have been updating the live snapshot wiki for qemu to try and cover
>>> the commands we will want for async snapshot handling too.
>>>
On 07/18/11 16:08, Stefan Hajnoczi wrote:
> On Fri, Jul 15, 2011 at 3:58 PM, Jes Sorensen wrote:
>> I have been updating the live snapshot wiki for qemu to try and cover
>> the commands we will want for async snapshot handling too.
>>
>> http://wiki.qemu.org/Features/Snapshots
>
> Regarding fd pa
On Fri, Jul 15, 2011 at 3:58 PM, Jes Sorensen wrote:
> I have been updating the live snapshot wiki for qemu to try and cover
> the commands we will want for async snapshot handling too.
>
> http://wiki.qemu.org/Features/Snapshots
Regarding fd passing, do we even support SELinux today with backing
Hi,
I have been updating the live snapshot wiki for qemu to try and cover
the commands we will want for async snapshot handling too.
http://wiki.qemu.org/Features/Snapshots
Cheers,
Jes
51 matches