Commit Graph

244 Commits

Author SHA1 Message Date
aliguori
76655d6dec Support ACLs for controlling VNC access ("Daniel P. Berrange")
This patch introduces a generic internal API for access control lists
to be used by network servers in QEMU. It adds support for checking
these ACL in the VNC server, in two places. The first ACL is for the
SASL authentication mechanism, checking the SASL username. This ACL
is called 'vnc.username'. The second is for the TLS authentication
mechanism, when x509 client certificates are turned on, checking against
the Distinguished Name of the client. This ACL is called 'vnc.x509dname'

The internal API provides for an ACL with the following characteristics

 - A unique name, eg  vnc.username, and vnc.x509dname.
 - A default policy, allow or deny
 - An ordered series of match rules, with allow or deny policy

If none of the match rules apply, then the default policy is
used.

There is a monitor API to manipulate the ACLs, which I'll describe via
examples

  (qemu) acl show vnc.username
  policy: allow
  (qemu) acl policy vnc.username deny
  acl: policy set to 'deny'
  (qemu) acl allow vnc.username fred
  acl: added rule at position 1
  (qemu) acl allow vnc.username bob
  acl: added rule at position 2
  (qemu) acl allow vnc.username joe 1
  acl: added rule at position 1
  (qemu) acl show vnc.username
  policy: deny
  0: allow fred
  1: allow joe
  2: allow bob


  (qemu) acl show vnc.x509dname
  policy: allow
  (qemu) acl policy vnc.x509dname deny
  acl: policy set to 'deny'
  (qemu) acl allow vnc.x509dname C=GB,O=ACME,L=London,CN=*
  acl: added rule at position 1
  (qemu) acl allow vnc.x509dname C=GB,O=ACME,L=Boston,CN=bob
  acl: added rule at position 2
  (qemu) acl show vnc.x509dname
  policy: deny
  0: allow C=GB,O=ACME,L=London,CN=*
  1: allow C=GB,O=ACME,L=Boston,CN=bob

By default the VNC server will not use any ACLs, allowing access to
the server if the user successfully authenticates. To enable use of
ACLs to restrict user access, the ',acl' flag should be given when
starting QEMU. The initial ACL activated will be a 'deny all' policy
and should be customized using monitor commands.

eg enable SASL auth and ACLs

    qemu ....  -vnc localhost:1,sasl,acl

The next patch will provide a way to load a pre-defined ACL when
starting up


 Makefile        |    6 +
 b/acl.c         |  185 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 b/acl.h         |   74 ++++++++++++++++++++++
 configure       |   18 +++++
 monitor.c       |   95 ++++++++++++++++++++++++++++
 qemu-doc.texi   |   49 ++++++++++++++
 vnc-auth-sasl.c |   16 +++-
 vnc-auth-sasl.h |    7 ++
 vnc-tls.c       |   19 +++++
 vnc-tls.h       |    3 
 vnc.c           |   21 ++++++
 vnc.h           |    3 
 12 files changed, 491 insertions(+), 5 deletions(-)

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6726 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-06 20:27:37 +00:00
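
The ACL model described in the commit message above (a named list, a default policy, ordered rules where the first match decides), as an added example that is not code from the patch or from QEMU's acl.c. The type and function names are hypothetical, matching `*` with fnmatch(3) is an assumption, and the `deny_first` / `allow_first` rule sets are constructed to show why rule order matters.

```c
#include <fnmatch.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical types for this sketch; they are not QEMU's acl.h. */
enum acl_policy { ACL_DENY, ACL_ALLOW };

struct acl_rule {
    enum acl_policy policy;
    const char *match;   /* literal or glob pattern, e.g. "...,CN=*" */
};

struct acl {
    const char *name;                /* e.g. "vnc.username" */
    enum acl_policy default_policy;  /* applies when no rule matches */
    const struct acl_rule *rules;    /* ordered: first match wins */
    size_t nrules;
};

/* First matching rule decides; otherwise fall back to the default policy.
 * Using fnmatch(3) for the '*' wildcard is an assumption of this sketch. */
enum acl_policy acl_check(const struct acl *acl, const char *party)
{
    for (size_t i = 0; i < acl->nrules; i++) {
        if (fnmatch(acl->rules[i].match, party, 0) == 0)
            return acl->rules[i].policy;
    }
    return acl->default_policy;
}

#define NRULES(a) (sizeof(a) / sizeof((a)[0]))

/* Rule sets copied from the final 'acl show' listings in the message. */
static const struct acl_rule user_rules[] = {
    { ACL_ALLOW, "fred" }, { ACL_ALLOW, "joe" }, { ACL_ALLOW, "bob" },
};
static const struct acl_rule dname_rules[] = {
    { ACL_ALLOW, "C=GB,O=ACME,L=London,CN=*" },
    { ACL_ALLOW, "C=GB,O=ACME,L=Boston,CN=bob" },
};
/* Constructed: the same two rules in both orders, to show ordering. */
static const struct acl_rule deny_first[] = {
    { ACL_DENY, "C=GB,O=ACME,L=London,CN=carol" },
    { ACL_ALLOW, "C=GB,O=ACME,L=London,CN=*" },
};
static const struct acl_rule allow_first[] = {
    { ACL_ALLOW, "C=GB,O=ACME,L=London,CN=*" },
    { ACL_DENY, "C=GB,O=ACME,L=London,CN=carol" },
};

const struct acl vnc_username = { "vnc.username", ACL_DENY, user_rules, NRULES(user_rules) };
const struct acl vnc_x509dname = { "vnc.x509dname", ACL_DENY, dname_rules, NRULES(dname_rules) };
const struct acl acl_deny_first = { "example.deny-first", ACL_DENY, deny_first, NRULES(deny_first) };
const struct acl acl_allow_first = { "example.allow-first", ACL_DENY, allow_first, NRULES(allow_first) };

int main(void)
{
    const char *carol = "C=GB,O=ACME,L=London,CN=carol";
    printf("joe: %d\n", acl_check(&vnc_username, "joe"));
    printf("carol, deny first: %d\n", acl_check(&acl_deny_first, carol));
    printf("carol, allow first: %d\n", acl_check(&acl_allow_first, carol));
    /* '*' also spans commas, so extra trailing DN components still match. */
    printf("trailing OU: %d\n",
           acl_check(&vnc_x509dname, "C=GB,O=ACME,L=London,CN=eve,OU=temp"));
    return 0;
}
```

With glob matching, a specific deny only takes effect when it sits ahead of the broader allow, and a trailing `CN=*` accepts any suffix, including further DN components.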
aliguori
2f9606b373 Add SASL authentication support ("Daniel P. Berrange")
This patch adds the new SASL authentication protocol to the VNC server.

It is enabled by setting the 'sasl' flag when launching VNC. SASL can
optionally provide encryption via its SSF layer, if a suitable mechanism
is configured (eg, GSSAPI/Kerberos, or Digest-MD5).  If an SSF layer is
not available, then it should be combined with the x509 VNC authentication
protocol which provides encryption.

eg, if using GSSAPI

   qemu -vnc localhost:1,sasl

eg if using  TLS/x509 for encryption

   qemu -vnc localhost:1,sasl,tls,x509


By default the Cyrus SASL library will look for its configuration in
the file /etc/sasl2/qemu.conf.  For non-root users, this can be overridden
by setting the SASL_CONF_PATH environment variable, eg to make it look in
$HOME/.sasl2.  NB unprivileged users may not have access to the full range
of SASL mechanisms, since some of them require some administrative privileges
to configure. The patch includes an example SASL configuration file which
illustrates config for GSSAPI and Digest-MD5, though it should be noted that
the latter is not really considered secure any more.

Most of the SASL authentication code is located in a separate source file,
vnc-auth-sasl.c.  The main vnc.c file only contains minimal integration
glue, specifically parsing of command line flags / setup, and calls to
start the SASL auth process, to do encoding/decoding for data.

There are several possible stacks for reading & writing of data, depending
on the combo of VNC authentication methods in use

 - Clear.    read/write straight to socket
 - TLS.      read/write via GNUTLS helpers
 - SASL.     encode/decode via SASL SSF layer, then read/write to socket
 - SASL+TLS. encode/decode via SASL SSF layer, then read/write via GNUTLS

Hence, the vnc_client_read & vnc_client_write methods have been refactored
a little.

   vnc_client_read:  main entry point for reading, calls either

       - vnc_client_read_plain   reading, with no intermediate decoding
       - vnc_client_read_sasl    reading, with SASL SSF decoding

   These two methods, then call vnc_client_read_buf(). This decides
   whether to write to the socket directly or write via GNUTLS.

The situation is the same for writing data. More extensive comments
have been added in the code / patch. The vnc_client_read_sasl and
vnc_client_write_sasl method implementations live in the separate
vnc-auth-sasl.c file.

The state required for the SASL auth mechanism is kept in a separate
VncStateSASL struct, defined in vnc-auth-sasl.h and included in the
main VncState.

The configure script probes for SASL and automatically enables it
if found, unless --disable-vnc-sasl was given to override it.


 Makefile            |    7 
 Makefile.target     |    5 
 b/qemu.sasl         |   34 ++
 b/vnc-auth-sasl.c   |  626 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 b/vnc-auth-sasl.h   |   67 +++++
 configure           |   34 ++
 qemu-doc.texi       |   97 ++++++++
 vnc-auth-vencrypt.c |   12 
 vnc.c               |  249 ++++++++++++++++++--
 vnc.h               |   31 ++
 10 files changed, 1129 insertions(+), 33 deletions(-)

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6724 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-06 20:27:28 +00:00
aliguori
0858532ea9 chroot and change user support (Nolan)
Resent with fixed formatting.

This patch adds two new command line options:
 -chroot <dir>
 -runas <user>

This is useful for running qemu as an unprivileged user in a chroot
jail.  To avoid having to populate the jail, chrooting happens right
before the start of guest execution.

Signed-off-by: Nolan Leake <nolan@sigbus.net>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6652 c046a42c-6fe2-441c-8c8c-71466251a162
2009-02-27 22:09:45 +00:00
aliguori
8a92ea2f2c Allow additions of ACPI tables from command line (Gleb Natapov)
This is needed to dynamically add SLIC tables with Windows
activation keys.
    
Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>



git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6650 c046a42c-6fe2-441c-8c8c-71466251a162
2009-02-27 20:12:36 +00:00
aliguori
8ca9217d04 specify vmchannel as a net option (Gleb Natapov)
Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6623 c046a42c-6fe2-441c-8c8c-71466251a162
2009-02-16 15:34:18 +00:00
blueswir1
006f3a48e0 Switch Mac99 to OpenBIOS
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6560 c046a42c-6fe2-441c-8c8c-71466251a162
2009-02-08 15:59:36 +00:00
aurel32
aa71cf802e QEMU Microsoft serial mouse emulation
Adds "msmouse" character device, which emulates a serial mouse.
Use it with -serial msmouse.

Signed-Off-By: Lubomir Rintel <lkundrak@v3.sk>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6559 c046a42c-6fe2-441c-8c8c-71466251a162
2009-02-08 15:53:20 +00:00
aurel32
1f605a7641 Additional VGA options for MIPS Malta
Support all kinds of pci vga cards (including none)

Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6557 c046a42c-6fe2-441c-8c8c-71466251a162
2009-02-08 14:51:19 +00:00
blueswir1
d2c639d6dc Synch code, help and docs
Rearrange code, help printout and docs so that they are in the same
(hopefully more logical) order for easier maintenance.

Add help and docs for undocumented options.

Reformat slightly for more consistent help output.

Add comments to encourage better synchronization in the future.


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6432 c046a42c-6fe2-441c-8c8c-71466251a162
2009-01-24 18:19:25 +00:00
aliguori
73822ec806 Add -rtc-td-hack option to fix time drift with RTC on Windows (Gleb Natapov)
After my last patch to fix interrupt coalescing was rejected
on the basis that it is too intrusive we decided to make the
fix much more localized and only fix the problem for RTC time
source. Unfortunately it is impossible to fix the problem entirely
inside RTC code like Andrzej proposed since Windows reads RTC
register C more than once on each time interrupt so it is impossible
to count reliably how many interrupts Windows actually handled.
Proposed solution is localized to I386 target and is disabled by
default. To enable it "-rtc-td-hack" flag should be used.

Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>



git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6320 c046a42c-6fe2-441c-8c8c-71466251a162
2009-01-15 20:11:34 +00:00
malc
1d1f8c33d3 Update to reflect the fact that AC97 will be built by default
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6259 c046a42c-6fe2-441c-8c8c-71466251a162
2009-01-09 10:46:37 +00:00
aurel32
d45952a0fc Some more updates for the g3bw -> g3beige change
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6230 c046a42c-6fe2-441c-8c8c-71466251a162
2009-01-08 16:01:13 +00:00
aurel32
13e4e059ae update the documentation for the g3bw -> g3beige change
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6229 c046a42c-6fe2-441c-8c8c-71466251a162
2009-01-07 23:51:36 +00:00
aliguori
7a9f6e4a8d Add a -net name=foo parameter (Mark McLoughlin)
Allow the user to supply a vlan client name on the command line.

This is probably only useful for management tools so that they can
use their own names rather than parsing the output of 'info network'.

Signed-off-by: Mark McLoughlin <markmc@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>



git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6220 c046a42c-6fe2-441c-8c8c-71466251a162
2009-01-07 17:48:51 +00:00
aliguori
fa879c6414 add "serial" parameter to -drive flag (Gleb Natapov)
Windows calculates HW "uniqueness" based on a hard drive serial number
among other things. The patch allows specifying the drive serial number
from the command line.

Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>



git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6214 c046a42c-6fe2-441c-8c8c-71466251a162
2009-01-07 17:32:33 +00:00
blueswir1
95efd11c12 Add support for -prom-env command line options
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6129 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-24 20:26:14 +00:00
blueswir1
992e5acd4d Use OpenBIOS for g3bw machine
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6128 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-24 20:23:51 +00:00
balrog
ef4c3856d6 Add ARM board names still missing from qemu-doc.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6039 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-15 02:12:20 +00:00
balrog
997641a84f ARM: basic SX1-cellphone sysemu support (Jean-Christophe PLAGNIOL-VILLARD).
The TSC2102 chip is not included in documentation because a patch is
pending.


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6038 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-15 02:05:00 +00:00
aliguori
2569da0cb6 Accept password as an argument to 'change vnc password' monitor command (Chris Webb)
This allows easier use of the change vnc password monitor command from
management scripts, without having to implement expect(1)-like behaviour.

Signed-off-by: Chris Webb <chris@arachsys.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>



git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5967 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-10 15:14:13 +00:00
aliguori
4dc822d726 Use writeback caching by default with qcow2
qcow2 writes a cluster reference count on every cluster update.  This causes
performance to crater when using anything but cache=writeback.  This is most
noticeable when using savevm.  Right now, qcow2 isn't a reliable format
regardless of the type of cache you're using because metadata is not updated in
the correct order.  Considering this, I think it's somewhat reasonable to use
writeback caching by default with qcow2 files.

It at least avoids the massive performance regression for users until we sort
out the issues in qcow2. 

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>



git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5879 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-04 21:39:21 +00:00
aliguori
6e02c38dad Add virtio-blk support
Virtio-blk is a paravirtual block device based on VirtIO.  It can be used by
specifying the if=virtio parameter to the -drive parameter.

When using -enable-kvm, it can achieve very good performance compared to IDE or
SCSI.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>



git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5870 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-04 19:52:44 +00:00
malc
9b3469cc9a Clarify -soundhw documentation as to avoid hda confusion
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5867 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-04 18:01:26 +00:00
aurel32
1addc7c5a1 Spelling and grammar fixes
Minor fixes of spelling and grammar in comments and documentation

Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5835 c046a42c-6fe2-441c-8c8c-71466251a162
2008-11-30 16:25:37 +00:00
aurel32
030370a210 qemu-doc.texi: rewrite the documentation for the -net option
Addresses comments from Jamie Lokier.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5807 c046a42c-6fe2-441c-8c8c-71466251a162
2008-11-28 11:17:43 +00:00
aurel32
f5fc997546 qemu-doc.texi: document downscript network option
From Guido Günther, through the Debian BTS.

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5806 c046a42c-6fe2-441c-8c8c-71466251a162
2008-11-28 10:11:17 +00:00
balrog
2d5646916d Document bluetooth support in qemu-doc.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5654 c046a42c-6fe2-441c-8c8c-71466251a162
2008-11-09 02:24:54 +00:00
blueswir1
84778508d7 Preliminary BSD user emulator support
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5544 c046a42c-6fe2-441c-8c8c-71466251a162
2008-10-26 20:33:16 +00:00
aliguori
9f7965c7e9 Expand cache= option and use write-through caching by default
This patch changes the cache= option to accept none, writeback, or writethrough
to control the host page cache behavior.  By default, writethrough caching is
now used which internally is implemented by using O_DSYNC to open the disk
images.  When using -snapshot, writeback is used by default since data integrity
is not at all an issue.

cache=none has the same behavior as cache=off previously.  The latter syntax is
still supported but now deprecated.  I also cleaned up the O_DIRECT
implementation to avoid many of the #ifdefs.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>



git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5485 c046a42c-6fe2-441c-8c8c-71466251a162
2008-10-14 14:42:54 +00:00
blueswir1
34a3d2399b Update Sparc docs, add -cpu flag
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5418 c046a42c-6fe2-441c-8c8c-71466251a162
2008-10-04 20:43:39 +00:00
aurel32
54ae1fbdf6 qemu-doc: document use of raw values with sendkey
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5383 c046a42c-6fe2-441c-8c8c-71466251a162
2008-10-01 21:46:07 +00:00
malc
3893c124e7 Change the way video graphics adapter is selected
Instead of having (current) three command line switches -std-vga,
-cirrusvga and -vmwarevga, provide one -vga switch which takes
an argument, so that:
qemu -std-vga   becomes qemu -vga std
qemu -cirrusvga becomes qemu -vga cirrus
qemu -vmwarevga becomes qemu -vga vmware

Update documentation accordingly.

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5335 c046a42c-6fe2-441c-8c8c-71466251a162
2008-09-28 00:42:05 +00:00
aurel32
334c0241c0 Add image format option for USB mass-storage devices
(fix CVE-2008-1945)

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5059 c046a42c-6fe2-441c-8c8c-71466251a162
2008-08-21 22:24:32 +00:00
balrog
9ad97e6503 Simplify -usbdevice net: syntax, allow VLANs with no NICs.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4965 c046a42c-6fe2-441c-8c8c-71466251a162
2008-07-29 13:16:31 +00:00
blueswir1
c7ba218da1 Add T1 and T2 CPUs, add a Sun4v machine
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4923 c046a42c-6fe2-441c-8c8c-71466251a162
2008-07-22 07:07:34 +00:00
ths
8a16d27388 Add Virtual Distributed Ethernet native support, by Luca Bigliardi.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4896 c046a42c-6fe2-441c-8c8c-71466251a162
2008-07-19 09:56:24 +00:00
balrog
6c9f886cea Add CDC-Ethernet usb NIC (original patch from Thomas Sailer).
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4884 c046a42c-6fe2-441c-8c8c-71466251a162
2008-07-17 20:47:13 +00:00
ths
75818250ba Allow QEMU to connect directly to an NBD server, by Laurent Vivier.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4838 c046a42c-6fe2-441c-8c8c-71466251a162
2008-07-03 13:41:03 +00:00
ths
975b092bd9 Cleanup qemu-nbd related code, by Laurent Vivier.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4829 c046a42c-6fe2-441c-8c8c-71466251a162
2008-07-02 21:18:00 +00:00
pbrook
dd5d6fe913 Add missing file. Fix spelling errors.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4800 c046a42c-6fe2-441c-8c8c-71466251a162
2008-06-29 10:43:16 +00:00
pbrook
2e70f6efa8 Add instruction counter.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4799 c046a42c-6fe2-441c-8c8c-71466251a162
2008-06-29 01:03:05 +00:00
malc
e5178e8de4 Consistency
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4796 c046a42c-6fe2-441c-8c8c-71466251a162
2008-06-28 19:13:02 +00:00
malc
0c58ac1c76 Change the way audio is configured
Instead of having separate option for each card and driver use
--audio-drv-list and --audio-card-list options.

Under Linux it allows to set the default (first probed) driver
to something other than OSS.

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4792 c046a42c-6fe2-441c-8c8c-71466251a162
2008-06-25 21:04:05 +00:00
malc
cc53d26d4d ISA version of CS4231A
Hopefully someday will be merged with cs4231.c (SPARC version)


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4741 c046a42c-6fe2-441c-8c8c-71466251a162
2008-06-13 10:48:22 +00:00
balrog
c30bb26499 Add N810 to allowed -M values, add documentation part for N8x0.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4490 c046a42c-6fe2-441c-8c8c-71466251a162
2008-05-18 13:01:40 +00:00
edgar_igl
94d45e4480 Correct a formatting issue (Carlo Marcelo Arenas Belon).
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4417 c046a42c-6fe2-441c-8c8c-71466251a162
2008-05-10 19:37:44 +00:00
edgar_igl
60897d369f Debugger single step without interrupts (Jason Wessel).
This patch allows the qemu backend debugger to single step an
instruction without running the hardware interrupts.


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4391 c046a42c-6fe2-441c-8c8c-71466251a162
2008-05-09 08:25:14 +00:00
balrog
57cd6e977c MusicPal docs snippet (Jan Kiszka) and reshuffle ChangeLog.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4371 c046a42c-6fe2-441c-8c8c-71466251a162
2008-05-07 12:23:32 +00:00
aurel32
0ecdffbb60 Allow bootdevice change from the monitor
(Gildas Le Nadan)


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4333 c046a42c-6fe2-441c-8c8c-71466251a162
2008-05-04 20:11:34 +00:00
aurel32
1e72d3b7ad add format= to drive options (CVE-2008-2004)
It is possible for a guest with a raw formatted disk image to write a
header to that disk image describing another format (such as qcow2).
Stopping and subsequent restart of the guest will cause qemu to detect
that format, and could allow the guest to read any host file if qemu is
sufficiently privileged (typical in virt environments).

The patch defaults to existing behaviour (probing based on file contents),
so it still requires the mgmt app (e.g. libvirt xml) to pass a new
"format=raw" parameter for raw disk images.

Originally noted by Avi Kivity, patch from Chris Wright.


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4277 c046a42c-6fe2-441c-8c8c-71466251a162
2008-04-28 20:26:45 +00:00
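
An audit check for the probing risk described in the CVE-2008-2004 commit message above, as an added example that is not code from the patch or from QEMU. It flags a `-drive` option string that lacks `format=`, and separately flags the case where the image's first bytes already carry the qcow magic. The function names, the enum and the sample option strings and header bytes are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* qcow and qcow2 images begin with the bytes 'Q' 'F' 'I' 0xfb. */
static const unsigned char QCOW_MAGIC[4] = { 'Q', 'F', 'I', 0xfb };

/* Constructed sample headers: one claiming qcow2, one plain raw data. */
const unsigned char sample_qcow_hdr[8] = { 'Q', 'F', 'I', 0xfb, 0, 0, 0, 2 };
const unsigned char sample_raw_hdr[8]  = { 0xeb, 0x63, 0x90, 0, 0, 0, 0, 0 };

/* True if the comma-separated -drive option string contains "key=". */
bool drive_opt_present(const char *opts, const char *key)
{
    size_t klen = strlen(key);
    const char *p = opts;

    while (p && *p) {
        if (strncmp(p, key, klen) == 0 && p[klen] == '=')
            return true;
        p = strchr(p, ',');     /* advance to the next option, if any */
        if (p)
            p++;
    }
    return false;
}

/* True if the first bytes of the image would be recognised as qcow. */
bool header_claims_qcow(const unsigned char *hdr, size_t len)
{
    return len >= sizeof(QCOW_MAGIC) &&
           memcmp(hdr, QCOW_MAGIC, sizeof(QCOW_MAGIC)) == 0;
}

enum drive_risk {
    DRIVE_FORMAT_PINNED,    /* format= given, no content probing */
    DRIVE_PROBED,           /* format is guessed from file contents */
    DRIVE_PROBED_AS_QCOW    /* guessed, and the content says qcow */
};

/* Classify one drive from its option string and leading image bytes. */
enum drive_risk audit_drive(const char *opts,
                            const unsigned char *hdr, size_t len)
{
    if (drive_opt_present(opts, "format"))
        return DRIVE_FORMAT_PINNED;
    return header_claims_qcow(hdr, len) ? DRIVE_PROBED_AS_QCOW
                                        : DRIVE_PROBED;
}

int main(void)
{
    printf("%d\n", audit_drive("file=guest.img,if=virtio",
                               sample_qcow_hdr, sizeof(sample_qcow_hdr)));
    printf("%d\n", audit_drive("file=guest.img,format=raw",
                               sample_qcow_hdr, sizeof(sample_qcow_hdr)));
    return 0;
}
```

A `DRIVE_PROBED_AS_QCOW` result on an image that management tooling believes is raw is the condition the commit message describes; pinning `format=raw` removes the dependence on guest-controlled contents.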