Thanks for the suggestion.
We currently do not limit the qemu-img process in any way, but it sounds like
a good idea.
We also don't verify the size of the image; this should be fixed.
What we do currently is:
1. Mark image as illegal in oVirt metadata - prevents using the image by oVirt.
2. Expose the image via http
3. Wait until the user completes the upload
4. Unexpose the image, so no more data can be written.
5. Run qemu-img info /path/to/image (running as vdsm, but without any limit)
6. Verify format with oVirt metadata - it must be the same as specified in oVirt
7. Verify backing file with oVirt metadata - it must be the same as specified in oVirt
   (no backing file or volume UUID)
8. Verify that qcow2 compat is compatible with the storage domain
9. If all checks are ok, mark the image as legal.
The image is deleted on verification failure.
This is the code if someone would like to check:
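
Added example, not part of the message above and not the oVirt code it refers to: steps 5 to 8 in Python, with qemu-img run under CPU and memory limits and the virtual size checked as well. The limit values, the layout of the `expected` dictionary and the sample data are assumptions made for the example.

```python
import json
import resource
import subprocess

CPU_SECONDS = 30          # assumed limit, not an oVirt value
ADDRESS_SPACE = 1 << 30   # assumed 1 GiB cap, not an oVirt value


def _limit():
    # Runs in the child before exec: cap CPU time and memory of qemu-img.
    resource.setrlimit(resource.RLIMIT_CPU, (CPU_SECONDS, CPU_SECONDS))
    resource.setrlimit(resource.RLIMIT_AS, (ADDRESS_SPACE, ADDRESS_SPACE))


def qemu_img_info(path):
    # Step 5, with the resource limits the message says are not applied today.
    cmd = ["qemu-img", "info", "--output", "json", path]
    out = subprocess.run(cmd, check=True, capture_output=True,
                         preexec_fn=_limit, timeout=60).stdout
    return json.loads(out)


def verify(info, expected):
    """Return the list of mismatches; empty means the image may be marked legal."""
    errors = []
    if info.get("format") != expected["format"]:             # step 6
        errors.append("format")
    if info.get("backing-filename") != expected["backing"]:  # step 7
        errors.append("backing file")
    if info.get("format") == "qcow2":                        # step 8
        data = info.get("format-specific", {}).get("data", {})
        if data.get("compat") not in expected["allowed_compat"]:
            errors.append("compat")
    # Size check: the message says this is not verified today.
    size = info.get("virtual-size")
    if not isinstance(size, int) or size > expected["max_virtual_size"]:
        errors.append("virtual size")
    return errors


# Constructed sample of `qemu-img info --output json` output (not real data).
SAMPLE_INFO = {"format": "qcow2", "virtual-size": 10 << 30,
               "format-specific": {"type": "qcow2", "data": {"compat": "1.1"}}}
# Constructed expected metadata; "backing" is None or the parent volume UUID.
EXPECTED = {"format": "qcow2", "backing": None,
            "allowed_compat": {"0.10", "1.1"}, "max_virtual_size": 1 << 40}
```

A caller would run `verify(qemu_img_info(path), expected)` after the image is unexposed and delete the image when the returned list is not empty.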