libvirt/SOURCES/libvirt-kbase-backing_chains-Add-steps-how-to-securely-probe-image-format.patch

From 9146b5849b0dfc2ee59eea09712cc7f5f88c88f2 Mon Sep 17 00:00:00 2001
Message-Id: <9146b5849b0dfc2ee59eea09712cc7f5f88c88f2@dist-git>
From: Peter Krempa <pkrempa@redhat.com>
Date: Fri, 28 Feb 2020 10:24:45 +0100
Subject: [PATCH] kbase: backing_chains: Add steps how to securely probe image
 format
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

We document steps how to fix images if they are rejected for missing
the 'backing file format' field. Document also how to securely probe
the image format if it's unknown.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
(cherry picked from commit 82d5b762f11b50abb710c751251f28d4325a4c91)

https://bugzilla.redhat.com/show_bug.cgi?id=1798148
Message-Id: <039ebfe436c361b067ef73a7c0bb16db1e410044.1582881363.git.pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
 docs/kbase/backing_chains.rst | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/docs/kbase/backing_chains.rst b/docs/kbase/backing_chains.rst
index 12ed6253ac..af848ccb14 100644
--- a/docs/kbase/backing_chains.rst
+++ b/docs/kbase/backing_chains.rst
@@ -176,6 +176,21 @@ properly. ``$BACKING_IMAGE_PATH`` should be specified as a full absolute path.
 If relative referencing of the backing image is desired, the path must be
 relative to the location of image described by ``$IMAGE_PATH``.
 
+**Important:** If the ``$BACKING_IMAGE_FORMAT`` is not known it can be queried
+using ``qemu-img info $BACKING_IMAGE_PATH`` and looking for the ``file format:``
+field, but for security reasons should be used *only* if at least one of the
+following criteria is met:
+
+- ``file format`` is ``raw``
+- ``backing file`` is NOT present
+- ``backing file`` is present AND is correct/trusted
+
+Note that the last criteria may require manual inspection and thus should not
+be scripted unless the trust for the image can be expressed programatically.
+
+Also note that the above steps may need to be repeated recursively for any
+subsequent backing images.
+
 Missing images reported after after moving disk images into a different path
 ----------------------------------------------------------------------------
 
-- 
2.25.1
import libvirt-6.0.0-27.module+el8.3.0+7602+4b93512e 2020-08-27 18:56:47 +00:00			`From 9146b5849b0dfc2ee59eea09712cc7f5f88c88f2 Mon Sep 17 00:00:00 2001`
			`Message-Id: <9146b5849b0dfc2ee59eea09712cc7f5f88c88f2@dist-git>`
			`From: Peter Krempa <pkrempa@redhat.com>`
			`Date: Fri, 28 Feb 2020 10:24:45 +0100`
			`Subject: [PATCH] kbase: backing_chains: Add steps how to securely probe image`
			`format`
			`MIME-Version: 1.0`
			`Content-Type: text/plain; charset=UTF-8`
			`Content-Transfer-Encoding: 8bit`

			`We document steps how to fix images if they are rejected for missing`
			`the 'backing file format' field. Document also how to securely probe`
			`the image format if it's unknown.`

			`Signed-off-by: Peter Krempa <pkrempa@redhat.com>`
			`Reviewed-by: Ján Tomko <jtomko@redhat.com>`
			`(cherry picked from commit 82d5b762f11b50abb710c751251f28d4325a4c91)`

			`https://bugzilla.redhat.com/show_bug.cgi?id=1798148`
			`Message-Id: <039ebfe436c361b067ef73a7c0bb16db1e410044.1582881363.git.pkrempa@redhat.com>`
			`Reviewed-by: Ján Tomko <jtomko@redhat.com>`
			`---`
			`docs/kbase/backing_chains.rst \| 15 +++++++++++++++`
			`1 file changed, 15 insertions(+)`

			`diff --git a/docs/kbase/backing_chains.rst b/docs/kbase/backing_chains.rst`
			`index 12ed6253ac..af848ccb14 100644`
			`--- a/docs/kbase/backing_chains.rst`
			`+++ b/docs/kbase/backing_chains.rst`
			@@ -176,6 +176,21 @@ properly. ``$BACKING_IMAGE_PATH`` should be specified as a full absolute path.
			`If relative referencing of the backing image is desired, the path must be`
			relative to the location of image described by ``$IMAGE_PATH``.

			+Important: If the ``$BACKING_IMAGE_FORMAT`` is not known it can be queried
			+using ``qemu-img info $BACKING_IMAGE_PATH`` and looking for the ``file format:``
			`+field, but for security reasons should be used only if at least one of the`
			`+following criteria is met:`
			`+`
			+- ``file format`` is ``raw``
			+- ``backing file`` is NOT present
			+- ``backing file`` is present AND is correct/trusted
			`+`
			`+Note that the last criteria may require manual inspection and thus should not`
			`+be scripted unless the trust for the image can be expressed programatically.`
			`+`
			`+Also note that the above steps may need to be repeated recursively for any`
			`+subsequent backing images.`
			`+`
			`Missing images reported after after moving disk images into a different path`
			`----------------------------------------------------------------------------`

			`--`
			`2.25.1`