a93402d48b
When QEMU opens a backing store for a QCow2 file, it will normally auto-probe for the format of the backing store, rather than assuming it has the same format as the referencing file. There is a QCow2 extension that allows an explicit format for the backing store to be embedded in the referencing file. This closes the auto-probing security hole in QEMU. This backing store format can be useful for libvirt users of virStorageFileGetMetadata, so extract this data and report it. QEMU does not require disk image backing store files to be in the same format the file linkee. It will auto-probe the disk format for the backing store when opening it. If the backing store was intended to be a raw file this could be a security hole, because a guest may have written data into its disk that then makes the backing store look like a qcow2 file. If it can trick QEMU into thinking the raw file is a qcow2 file, it can access arbitrary files on the host by adding further backing store links. To address this, callers of virStorageFileGetMeta need to be told of the backing store format. If no format is declared, they can make a decision whether to allow format probing or not.
LibVirt : simple API for virtualization
Libvirt is a C toolkit to interact with the virtualization capabilities
of recent versions of Linux (and other OSes). It is free software
available under the GNU Lesser General Public License. Virtualization of
the Linux Operating System means the ability to run multiple instances of
Operating Systems concurrently on a single hardware system where the basic
resources are driven by a Linux instance. The library aim at providing
long term stable C API initially for the Xen paravirtualization but
should be able to integrate other virtualization mechanisms if needed.
Daniel Veillard <veillard@redhat.com>