On Mon, Feb 12, 2018 at 01:42:11PM +0100, Kevin Wolf wrote:
> Am 12.02.2018 um 11:02 hat Daniel P. Berrangé geschrieben:
> > On Mon, Feb 12, 2018 at 10:58:31AM +0100, Paolo Bonzini wrote:
> > > On 10/02/2018 00:07, John Snow wrote:
> > > >> +    /* Early check to avoid creating target */
> > > >> +    if (bdrv_op_is_blocked(bs, BLOCK_OP_TYPE_MIRROR_SOURCE, errp)) {
> > > >> +        return;
> > > >> +    }
> > > >> +
> > > >>      aio_context = bdrv_get_aio_context(bs);
> > > >>      aio_context_acquire(aio_context);
> > > >>  
> > > >>
> > > > What's the implication of the temporarily-extant target node that it
> > > > needs to be avoided so strictly?
> > > > 
> > > 
> > > Creating a file on disk, that no one will ever remvoe. :)
> > 
> > Fortunately libvirt's SELinux policy will probably prevent QEMU creating
> > it in the first place :-)
> 
> Well, calling drive-mirror without allowing QEMU to create the target
> image would be a bit pointless, so I think we can assume that libvirt
> did set up the file permission so that QEMU can create it. (Unless
> mode=existing is used, but I understand that libvirt doesn't want to
> create images with qemu-img, so that doesn't seem to be the case...)

We use either mode=existing or mode=absolute-paths depending on what
the mgmt app asked for in the API call to libvirt. I'm still kind of
suprised if mode=absolute-paths will work because we ought to be
blocking the creation of the file AFAIK and we can't pre-label a file
that doesn't exist yet.

Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

Reply via email to