storage: Disallow create/resize of qcow2 encrypted images

https://bugzilla.redhat.com/show_bug.cgi?id=1526382

Since commit c4eedd793 disallowed qcow2 encrypted images to be
used for domains, it no longer makes sense to allow a qcow2
encrypted volume to be created or resized.

Add a test that will exhibit the failure of creation as well
as the xml2xml validation of the format still being correct.

Update the documentation to note the removal of the capability
to create and use qcow/default encrypted volumes.

Signed-off-by: John Ferlan <jferlan@redhat.com>
ACKed-by: Michal Privoznik <mprivozn@redhat.com>
This commit is contained in:
John Ferlan
2018-06-20 16:21:50 -04:00
parent a02d879858
commit 8f83af6823
7 changed files with 104 additions and 36 deletions

@@ -39,22 +39,14 @@
specified <code>uuid</code>.
</p>
<h3><a id="StorageEncryptionDefault">"default" format</a></h3>
<p>
<code>&lt;encryption format="default"/&gt;</code> can be specified only
when creating a qcow volume. If the volume is successfully created, the
encryption formats, parameters and secrets will be auto-generated by
libvirt and the attached <code>encryption</code> tag will be updated.
The unmodified contents of the <code>encryption</code> tag can be used
in later operations with the volume, or when setting up a domain that
uses the volume.
</p>
<h3><a id="StorageEncryptionQcow">"qcow" format</a></h3>
<p>
The <code>qcow</code> format specifies that the built-in encryption
support in <code>qcow</code>- or <code>qcow2</code>-formatted volume
images should be used. A single
<code>&lt;secret type='passphrase'&gt;</code> element is expected. Note
that this encryption is inherently broken and should not be used any more.
<span class="since">Since 4.5.0,</span> encryption formats
<code>default</code> and <code>qcow</code> may no longer be used
to create an encrypted volume. Usage of qcow encrypted volumes
in QEMU began phasing out in QEMU 2.3 and by QEMU 2.9 creation
of a qcow encrypted volume via qemu-img required usage of secret
objects, but that support was not added to libvirt.
</p>
<h3><a id="StorageEncryptionLuks">"luks" format</a></h3>
<p>
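Review bot: The new paragraph under the "qcow" heading says the formats "may no longer be used to create an encrypted volume", but the commit subject also disallows resize, so the documentation should say "create or resize". The hunk counts (22 lines down to 14) also indicate that the paragraph under the "default" heading is dropped while its h3 and the StorageEncryptionDefault anchor stay, which leaves an empty section; a one-sentence pointer there to the qcow text would keep existing links to that anchor meaningful. Since the replaced text already described this encryption as inherently broken, a sentence directing readers to the "luks" format section that follows would tell them what to use instead.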
@@ -121,15 +113,6 @@
<h2><a id="example">Examples</a></h2>
<p>
Here is a simple example, specifying use of the <code>qcow</code> format:
</p>
<pre>
&lt;encryption format='qcow'&gt;
&lt;secret type='passphrase' uuid='c1f11a6d-8c5d-4a3e-ac7a-4e171c5e0d4a' /&gt;
&lt;/encryption&gt;</pre>
<p>
Assuming a <a href="formatsecret.html#VolumeUsageType">
<code>luks volume type secret</code></a> is already defined,