Re: [qemu-web PATCH] Add a blog post about FUSE block exports

[Daniel P . Berrangé]

On Fri, Aug 20, 2021 at 09:56:54AM +0200, Hanna Reitz wrote:
> On 19.08.21 18:23, Stefan Hajnoczi wrote:
> > On Thu, Aug 19, 2021 at 12:25:01PM +0200, Hanna Reitz wrote:
> > > This post explains when FUSE block exports are useful, how they work,
> > > and that it is fun to export an image file on its own path so it looks
> > > like your image file (in whatever format it was) is a raw image now.
> > > 
> > > Signed-off-by: Hanna Reitz <hreitz@redhat.com>
> > > ---
> > > You can also find this patch here:
> > > https://gitlab.com/hreitz/qemu-web fuse-blkexport-v1
> > > 
> > > My first patch to qemu-web, so I hope I am not doing anything overly
> > > stupid here (adding SVGs with extremely long lines comes to mind)...
> > > ---
> > >   _posts/2021-08-18-fuse-blkexport.md       | 488 ++++++++++++++++++++++
> > >   screenshots/2021-08-18-block-graph-a.svg  |   2 +
> > >   screenshots/2021-08-18-block-graph-b.svg  |   2 +
> > >   screenshots/2021-08-18-block-graph-c.svg  |   2 +
> > >   screenshots/2021-08-18-block-graph-d.svg  |   2 +
> > >   screenshots/2021-08-18-block-graph-e.svg  |   2 +
> > >   screenshots/2021-08-18-root-directory.svg |   2 +
> > >   screenshots/2021-08-18-root-file.svg      |   2 +
> > >   8 files changed, 502 insertions(+)
> > >   create mode 100644 _posts/2021-08-18-fuse-blkexport.md
> > >   create mode 100644 screenshots/2021-08-18-block-graph-a.svg
> > >   create mode 100644 screenshots/2021-08-18-block-graph-b.svg
> > >   create mode 100644 screenshots/2021-08-18-block-graph-c.svg
> > >   create mode 100644 screenshots/2021-08-18-block-graph-d.svg
> > >   create mode 100644 screenshots/2021-08-18-block-graph-e.svg
> > >   create mode 100644 screenshots/2021-08-18-root-directory.svg
> > >   create mode 100644 screenshots/2021-08-18-root-file.svg
> > Great! Two ideas:
> > 
> > It would be nice to include a shoutout to libguestfs and mention that
> > libguestfs avoids exposing the host kernel's file systems and partion
> > code to untrusted disk images. If you don't mount the image then the
> > FUSE export has similar security properties.
> 
> Oh, right!  Absolutely.
> 
> Though now I do wonder why one would actually want to use QEMU’s FUSE
> exports then...

If you can't use KVM for libguestfs, then performance likely to
suffer significantly. This could be either if your disk image
is non-native architecture, or if your running inside a VM and
don't have nested KVM avaialble. You do still need to bear in
mind the security implications of course, but QEMU FUSE might
be your only viable option to achieve the performance needed.


Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|