[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH RFC 1/2] block: Limit opening of encrypted image
|
From: |
Eric Blake |
|
Subject: |
Re: [Qemu-devel] [PATCH RFC 1/2] block: Limit opening of encrypted images to qemu-img |
|
Date: |
Tue, 10 Mar 2015 12:21:23 -0600 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.5.0 |
On 03/10/2015 11:26 AM, Markus Armbruster wrote:
> Signed-off-by: Markus Armbruster <address@hidden>
> ---
> block/qcow.c | 5 +++++
> block/qcow2.c | 5 +++++
> include/block/block.h | 3 +--
> qemu-img.c | 1 +
> 4 files changed, 12 insertions(+), 2 deletions(-)
>
> diff --git a/block/qcow.c b/block/qcow.c
> index 0558969..f54fc86 100644
> --- a/block/qcow.c
> +++ b/block/qcow.c
> @@ -155,6 +155,11 @@ static int qcow_open(BlockDriverState *bs, QDict
> *options, int flags,
> }
> s->crypt_method_header = header.crypt_method;
> if (s->crypt_method_header) {
> + if (!(flags & BDRV_O_CRYPT_OK)) {
> + error_setg(errp, "image is encrypted, use qemu-img to decrypt
> it");
> + ret = -EINVAL;
> + goto fail;
> + }
> bs->encrypted = 1;
I think this message will make it nicely through to libvirt, if libvirt
still tries to use encryption (although I didn't actually test it, as
qcow2 encryption is so broken that I've never actually tried using it).
More importantly, patch 2/2 does something that can be observed via
'query-commands' introspection, so that newer libvirt can be made smart
enough to not even attempt to use encrypted images.
Reviewed-by: Eric Blake <address@hidden>
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
signature.asc
Description: OpenPGP digital signature