From nobody Fri May 3 23:12:52 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 205.139.110.61 as permitted sender) client-ip=205.139.110.61; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-delivery-1.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 205.139.110.61 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1582792899; cv=none; d=zohomail.com; s=zohoarc; b=Pm5K6HeDSHa3pugQ2daHqbpt8rMQW/pzlnxC1xzb/9b+hZaTbvmGU9ykKcshtR5FwpeExb2P0T5Tbwh2CjiLiIFs8f0Br0Qt9TMVOXR+E21WT6/l0d5e7FAEsJ9ZIwG3YJWD28kEgT7D2xPqr/VHhzr/0uv8T4mm1ppANcRqKpo= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1582792899; h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=pvPYm6E6148dqi9Xe+ao3Iajr5cLbuBFXvb9KRViL7g=; b=BfWoThTMwvX2+mOMTy2NySW1ouRMAV0/eQVEr2P3XUZfNBZ4y9vvwTyOb/6PpkTqDfhlVitD0De1vgfoC948Cj5RtjsC8LNv1O9DRR13rQtzMemc4t8FUsH7fOxTsB2fTzvLrdUDDnSoAbMMv1+nvOC45nOAnQJjMCDcbqe1o+k= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 205.139.110.61 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) header.from= Return-Path: Received: from us-smtp-delivery-1.mimecast.com (us-smtp-1.mimecast.com [205.139.110.61]) by mx.zohomail.com with SMTPS id 1582792899246942.0484820575236; Thu, 27 Feb 2020 00:41:39 -0800 (PST) Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-248-cPLTOcMTOleDTx7EvpFIFg-1; Thu, 27 Feb 2020 03:41:36 -0500 Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 18F52DB24; Thu, 27 Feb 2020 08:41:31 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id DB89960BE1; Thu, 27 Feb 2020 08:41:30 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 4A9ED8446D; Thu, 27 Feb 2020 08:41:30 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 01R8fG63014350 for ; Thu, 27 Feb 2020 03:41:16 -0500 Received: by smtp.corp.redhat.com (Postfix) id 42984385; Thu, 27 Feb 2020 08:41:16 +0000 (UTC) Received: from angien.redhat.com (unknown [10.43.2.48]) by smtp.corp.redhat.com (Postfix) with ESMTP id BCC3119C58 for ; Thu, 27 Feb 2020 08:41:15 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1582792898; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=pvPYm6E6148dqi9Xe+ao3Iajr5cLbuBFXvb9KRViL7g=; b=fpoeVNrmApy+n8Y6EZUsOh80M7zOPDrl0ytfbCIqz+MRDiXRvbFuYDu637CTX82eLPePqH eMcPwOxipjzmaVrFyFrZtXvAh2LPEORs16DccWRfY7uJtaALeps9dcnxzPiCFr6YORj6m8 Bc/+6njLgLLm6fsj92UL69UKX+jRhAA= X-MC-Unique: cPLTOcMTOleDTx7EvpFIFg-1 From: Peter Krempa To: libvir-list@redhat.com Subject: [PATCH 1/2] kbase: backing_chains: Add steps how to securely probe image format Date: Thu, 27 Feb 2020 09:41:10 +0100 Message-Id: <9eb5b71090b3362db6787202f099aaf9f4881fc8.1582792793.git.pkrempa@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 X-loop: libvir-list@redhat.com X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) Content-Type: text/plain; charset="utf-8" We document steps how to fix images if they are rejected for missing the 'backing file format' field. Document also how to securely probe the image format if its unknown. Signed-off-by: Peter Krempa Reviewed-by: J=C3=A1n Tomko --- docs/kbase/backing_chains.rst | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/docs/kbase/backing_chains.rst b/docs/kbase/backing_chains.rst index 12ed6253ac..af848ccb14 100644 --- a/docs/kbase/backing_chains.rst +++ b/docs/kbase/backing_chains.rst @@ -176,6 +176,21 @@ properly. ``$BACKING_IMAGE_PATH`` should be specified = as a full absolute path. If relative referencing of the backing image is desired, the path must be relative to the location of image described by ``$IMAGE_PATH``. +**Important:** If the ``$BACKING_IMAGE_FORMAT`` is not known it can be que= ried +using ``qemu-img info $BACKING_IMAGE_PATH`` and looking for the ``file for= mat:`` +field, but for security reasons should be used *only* if at least one of t= he +following criteria is met: + +- ``file format`` is ``raw`` +- ``backing file`` is NOT present +- ``backing file`` is present AND is correct/trusted + +Note that the last criteria may require manual inspection and thus should = not +be scripted unless the trust for the image can be expressed programaticall= y. + +Also note that the above steps may need to be repeated recursively for any +subsequent backing images. + Missing images reported after after moving disk images into a different pa= th --------------------------------------------------------------------------= -- --=20 2.24.1 From nobody Fri May 3 23:12:52 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 205.139.110.61 as permitted sender) client-ip=205.139.110.61; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-delivery-1.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 205.139.110.61 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1582792903; cv=none; d=zohomail.com; s=zohoarc; b=M4P7+XuSbbZ0Xp8fWzP0VYSqfIgZmWhoLrj6rE1t7Z7cRomy0TXk4vFu/uvc/agaoFYYCblEnua4oPwqgUfdbcLoDC4DFoWQ8Xunf/bXmTft24JDfJEZOl/+1SBqXk+LvC7ELS0RDXQGbMJDOPRfZzzlp+baGQAGnrlSp2JZQDA= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1582792903; h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=tNkyJlFbEdwnW30oDPOafhY9KZxpHuQyYcQBXa7P/dI=; b=ClWTSR0Yfdm5cHmJitOwMMoQnVslUwlzVLW6XNMNOcG0iZlX+iwN3JOqwXL4+4ca94rW5rGLMqU9ZSF1hho76Wy9IY4a8rIpr0Wky791DmUgKS4N/PCPjHYVqv+IN3D1RTE+PSkSaRUpe43ORYBsWLL5PjPHH7CQx+vzvqrQ02I= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 205.139.110.61 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) header.from= Return-Path: Received: from us-smtp-delivery-1.mimecast.com (us-smtp-1.mimecast.com [205.139.110.61]) by mx.zohomail.com with SMTPS id 1582792903918488.8653124501777; Thu, 27 Feb 2020 00:41:43 -0800 (PST) Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-308-lHVgmT-EMJOQup2mZSVqUQ-1; Thu, 27 Feb 2020 03:41:40 -0500 Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 20DF4DB22; Thu, 27 Feb 2020 08:41:35 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id DECDE5C545; Thu, 27 Feb 2020 08:41:34 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 7605284481; Thu, 27 Feb 2020 08:41:34 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 01R8fHla014355 for ; Thu, 27 Feb 2020 03:41:17 -0500 Received: by smtp.corp.redhat.com (Postfix) id 16F76399; Thu, 27 Feb 2020 08:41:17 +0000 (UTC) Received: from angien.redhat.com (unknown [10.43.2.48]) by smtp.corp.redhat.com (Postfix) with ESMTP id 91F6019C58 for ; Thu, 27 Feb 2020 08:41:16 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1582792902; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=tNkyJlFbEdwnW30oDPOafhY9KZxpHuQyYcQBXa7P/dI=; b=bVdTguBKPWW1r2XQLoZoN1kK0TOoD80rEQRMUmpP9ii3SpK9uOXm+7AXQ4MOiR7UbPI/Wx sfmcsy5Khi9ehwPaabWUXEdV4dwvw88WL/3sj1ulU0+ojcOVKEkybH/v6MIECtQKc2ZH6q WqrQVSQkjyzLqdU1qmcMqYYYTnbe22I= X-MC-Unique: lHVgmT-EMJOQup2mZSVqUQ-1 From: Peter Krempa To: libvir-list@redhat.com Subject: [PATCH 2/2] news: Document recent storage improvements Date: Thu, 27 Feb 2020 09:41:11 +0100 Message-Id: In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 X-loop: libvir-list@redhat.com X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) Content-Type: text/plain; charset="utf-8" Signed-off-by: Peter Krempa Reviewed-by: J=C3=A1n Tomko --- docs/news.xml | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/docs/news.xml b/docs/news.xml index f69c9c4780..0b67c4dcc2 100644 --- a/docs/news.xml +++ b/docs/news.xml @@ -113,8 +113,31 @@ exposes the same capability to libvirt users. + + + qemu: Storage configuration improvements + + + Libvirt now accepts <backingStore type=3D'volume'> + and allows to specify the offset and size of the image format + container inside of the storage source via the <slices&= gt; + subelement. + +
+ + + qemu: Image format probing is allowed in certain cases + + + To resolve regressions when users didn't specify the backing ima= ge + format in the overlay libvirt now probes the format in certain + secure scenarios which fixes few common existing cases. Addition= ally + the knowledge base was extended to provide more information how + to rectify the problem. + +
--=20 2.24.1