[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH 2/4] doc: add storage format entries



Hello Eric,

Am Mittwoch 27 Februar 2013, 02:00:07 schrieb Eric Blake:
> On 02/26/2013 05:42 AM, Philipp Hahn wrote:
> > Add format/@type entries to examples to show what the text is talking
> > about.
> > 
> > Signed-off-by: Philipp Hahn <hahn univention de>
> > ---
> > 
> >  docs/storage.html.in |    4 ++++
> >  1 file changed, 4 insertions(+)
> > 
> > +++ b/docs/storage.html.in
> > @@ -185,6 +185,7 @@
> > 
> >          &lt;name&gt;virtimages&lt;/name&gt;
> >          &lt;source&gt;
> >          
> >            &lt;device path="/dev/VolGroup00/VirtImages"/&gt;
> > 
> > +          &lt;format type="auto"/&gt;
> > 
> >          &lt;/source&gt;
> 
> Question - is type="auto" safe, or does it risk the CVE where a raw
> image can be abused by a guest in a manner to make libvirt mis-detect
> the storage as some other type, and potentially causing libvirt to
> follow a backing chain outside of the guest's permitted reach?

Good question!
I just re-checked the three additions of <format type="auto"/> which all 
happen for storage pool, not storage volumes. So they are not accessible by 
VMs.

> Depending on the answer, either this is safe to push as-is into 1.0.3,
> or we should revisit all mention of type="auto" to clarify the danger of
> relying on probing.

The "auto" are also the default from src/conf/storage_conf.c:
$ grep -n "defaultFormat = VIR_STORAGE_POOL_" src/conf/storage_conf.c
152:            .defaultFormat = VIR_STORAGE_POOL_LOGICAL_LVM2,
167:            .defaultFormat = VIR_STORAGE_POOL_FS_AUTO,
181:            .defaultFormat = VIR_STORAGE_POOL_NETFS_AUTO,
239:            .defaultFormat = VIR_STORAGE_POOL_DISK_UNKNOWN,

I chose "auto" because that looked like a safe default, before any admin 
accidentally wipes his pools.
For the disk pool I chose "gpt" because "unknown" somehow looked strange and 
"msdos" is limited to 2 TB, so the seconds recommendation looked best to me.

To me "auto" looks safe.

Sincerely
Philipp
-- 
Philipp Hahn           Open Source Software Engineer      hahn univention de
Univention GmbH        be open.                       fon: +49 421 22 232- 0
Mary-Somerville-Str.1  D-28359 Bremen                 fax: +49 421 22 232-99
                                                   http://www.univention.de/


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]