[libvirt] [PATCH 2/3] snapshot: save domain description with snapshot
Philipp Hahn
hahn at univention.de
Mon Aug 15 06:44:15 UTC 2011
Hello Eric,
Am Samstag 13 August 2011 00:08:11 schrieb Eric Blake:
> On 04/12/2011 12:16 AM, Philipp Hahn wrote:
> > Save the domain description with the XML snapshot data.
> > TODOs:
> > - XML file is no longer nicely indented
>
> Cosmetic, and can be fixed later.
>
> > - Fix esx driver
> > - Fix vbox driver
>
> Do these need to save domain xml state in the first place? They aren't
> using libvirt to track domain state in the first time, but call out to
> the hypervisor for everything. And if the hypervisor is already doing a
> good job of reverting across configuration changes, then it doesn't hurt
> if they continue to use just <domain>/<uuid> instead of full <domain> in
> the snapshot output that libvirt generates on virDomainSnapshotGetXMLDesc.
I don't have access to any ESX system, so I couldn't check. At least with our
(very) old VMWare Server when doing a snapshot, the configuration is saved,
so on revert you get the old configuration again. That difference was
actually what got us to implement this for Qemu as well.
VBox I didn't check: We're using it for another project I'm currently not
working on, but there libvirt isn't used to manage it.
> > @@ -8694,9 +8705,17 @@ char *virDomainSnapshotDefFormat(char
> > *domain_uuid, }
> > virBufferVSprintf(&buf, "<creationTime>%ld</creationTime>\n",
> > def->creationTime);
> > - virBufferAddLit(&buf, "<domain>\n");
> > - virBufferVSprintf(&buf, "<uuid>%s</uuid>\n", domain_uuid);
> > - virBufferAddLit(&buf, "</domain>\n");
> > + if (def->dom != NULL) {
> > + xml = virDomainDefFormat(def->dom, VIR_DOMAIN_XML_INACTIVE |
> > VIR_DOMAIN_XML_SECURE);
>
> Security hole. You cannot blindly add VIR_DOMAIN_XML_SECURE if this is
> destined to external output, rather, it has to be passed in from the
> user's flags, and libvirt.c has to validate that
> virDomainSnapshotGetXMLDesc rejects the flag on read-only connections.
Yes, but for a PoC that was the easiest thing to do. Glad you spotted that.
Sincerely
Philipp Hahn
--
Philipp Hahn Open Source Software Engineer hahn at univention.de
Univention GmbH Linux for Your Business fon: +49 421 22 232- 0
Mary-Somerville-Str.1 D-28359 Bremen fax: +49 421 22 232-99
http://www.univention.de/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20110815/5e077091/attachment-0001.sig>
More information about the libvir-list
mailing list