qemu/qemu-nbd.texi
Daniel P. Berrange e6b636779b Add -f FMT / --format FMT arg to qemu-nbd
Currently the qemu-nbd program will auto-detect the format of
any disk it is given. This behaviour is known to be insecure.
For example, if qemu-nbd initially exposes a 'raw' file to an
unprivileged app, and that app runs

   'qemu-img create -f qcow2 -o backing_file=/etc/shadow /dev/nbd0'

then the next time the app is started, the qemu-nbd will now
detect it as a 'qcow2' file and expose /etc/shadow to the
unprivileged app.

The only way to avoid this is to explicitly tell qemu-nbd what
disk format to use on the command line, completely disabling
auto-detection. This patch adds a '-f' / '--format' arg for
this purpose, mirroring what is already available via qemu-img
and qemu commands.

  qemu-nbd --format raw -p 9000 evil.img

will now always use raw, regardless of what format 'evil.img'
looks like it contains.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
[Use errx, not err. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-04-15 14:29:20 -05:00


@example
@c man begin SYNOPSIS
usage: qemu-nbd [OPTION]... @var{filename}
@c man end
@end example
@c man begin DESCRIPTION
Export QEMU disk image using NBD protocol.
@c man end
@c man begin OPTIONS
@table @option
@item @var{filename}
is a disk image filename
@item -p, --port=@var{port}
port to listen on (default @samp{1024})
@item -o, --offset=@var{offset}
offset into the image
@item -b, --bind=@var{iface}
interface to bind to (default @samp{0.0.0.0})
@item -k, --socket=@var{path}
use a Unix socket with path @var{path}
@item -r, --read-only
export read-only
@item -P, --partition=@var{num}
only expose partition @var{num}
@item -s, --snapshot
use snapshot file
@item -n, --nocache
@itemx --cache=@var{cache}
set cache mode to be used with the file. See the documentation of
the emulator's @code{-drive cache=...} option for allowed values.
@item --aio=@var{aio}
choose asynchronous I/O mode between @samp{threads} (the default)
and @samp{native} (Linux only).
@item --discard=@var{discard}
toggles whether @dfn{discard} (also known as @dfn{trim} or @dfn{unmap})
requests are ignored or passed to the filesystem. The default is no
(@samp{--discard=ignore}).
@item -c, --connect=@var{dev}
connect @var{filename} to NBD device @var{dev}
@item -d, --disconnect
disconnect the specified device
@item -e, --shared=@var{num}
device can be shared by @var{num} clients (default @samp{1})
@item -f, --format=@var{fmt}
force block driver for format @var{fmt} instead of auto-detecting
the format from the image contents
@item -t, --persistent
don't exit on the last connection
@item -v, --verbose
display extra debugging information
@item -h, --help
display this help and exit
@item -V, --version
output version information and exit
@end table
@c man end
@ignore
@setfilename qemu-nbd
@settitle QEMU Disk Network Block Device Server
@c man begin AUTHOR
Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@c man end
@c man begin SEEALSO
qemu-img(1)
@c man end
@end ignore
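
The commit message above describes a guest turning a raw export into something that auto-detection reads as qcow2 with a backing file. The following is an added example, not part of the QEMU source or the original commit: a check an operator can run on an image that is meant to be served as raw. It covers only the qcow2 case from the message, using the header fields of the qcow2 format; the function names and the constructed sample bytes are assumptions made for illustration.

```python
import struct
import sys

QCOW2_MAGIC = b"QFI\xfb"  # first four bytes of a qcow2 image


def probe_risk(header: bytes):
    """Inspect the leading bytes of an image that is supposed to be raw.

    Returns None when the bytes do not carry the qcow2 magic. Otherwise
    returns the qcow2 version and the backing file name the header points
    at (None if the header names no backing file).
    """
    if len(header) < 20 or header[:4] != QCOW2_MAGIC:
        return None
    # Big-endian fields after the magic:
    # version (4 bytes), backing_file_offset (8 bytes), backing_file_size (4 bytes)
    version, backing_off, backing_len = struct.unpack(">IQI", header[4:20])
    backing = None
    if backing_off and backing_len:
        end = backing_off + backing_len
        if end <= len(header):
            backing = header[backing_off:end].decode("utf-8", "replace")
        else:
            backing = "<beyond bytes read>"
    return {"version": version, "backing_file": backing}


def check_image(path, read_len=65536):
    """Read the start of the file at path and run probe_risk on it."""
    with open(path, "rb") as f:
        return probe_risk(f.read(read_len))


def constructed_sample():
    """Constructed bytes: a qcow2-style header naming the /etc/shadow
    backing file used as the example in the commit message."""
    name = b"/etc/shadow"
    off = 512
    hdr = QCOW2_MAGIC + struct.pack(">IQI", 2, off, len(name))
    return hdr.ljust(off, b"\0") + name


if __name__ == "__main__":
    for p in sys.argv[1:]:
        r = check_image(p)
        print(p, "no qcow2 magic" if r is None else f"would probe as qcow2: {r}")
```

A non-None result on an image that is exported to an untrusted client means the export must be started with an explicit `--format raw`, as the commit message states.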