Add -f FMT / --format FMT arg to qemu-nbd

Currently the qemu-nbd program will auto-detect the format of
any disk it is given. This behaviour is known to be insecure.
For example, if qemu-nbd initially exposes a 'raw' file to an
unprivileged app, and that app runs

   'qemu-img create -f qcow2 -o backing_file=/etc/shadow /dev/nbd0'

then the next time the app is started, the qemu-nbd will now
detect it as a 'qcow2' file and expose /etc/shadow to the
unprivileged app.

The only way to avoid this is to explicitly tell qemu-nbd what
disk format to use on the command line, completely disabling
auto-detection. This patch adds a '-f' / '--format' arg for
this purpose, mirroring what is already available via qemu-img
and qemu commands.

  qemu-nbd --format raw -p 9000 evil.img

will now always use raw, regardless of what format 'evil.img'
looks like it contains

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
[Use errx, not err. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2 files changed
tree: 132813125593e7128b06d88fc88f27530599a430
  1. audio/
  2. backends/
  3. block/
  4. bsd-user/
  5. default-configs/
  6. disas/
  7. docs/
  8. fpu/
  9. fsdev/
  10. gdb-xml/
  11. hw/
  12. include/
  13. ldscripts/
  14. libcacard/
  15. linux-headers/
  16. linux-user/
  17. net/
  18. pc-bios/
  19. po/
  20. qapi/
  21. qga/
  22. QMP/
  23. qobject/
  24. qom/
  25. roms/
  26. scripts/
  27. slirp/
  28. stubs/
  29. sysconfigs/
  30. target-alpha/
  31. target-arm/
  32. target-cris/
  33. target-i386/
  34. target-lm32/
  35. target-m68k/
  36. target-microblaze/
  37. target-mips/
  38. target-moxie/
  39. target-openrisc/
  40. target-ppc/
  41. target-s390x/
  42. target-sh4/
  43. target-sparc/
  44. target-unicore32/
  45. target-xtensa/
  46. tcg/
  47. tests/
  48. tpm/
  49. trace/
  50. ui/
  51. util/
  52. .exrc
  53. .gitignore
  54. .gitmodules
  55. .mailmap
  56. aio-posix.c
  57. aio-win32.c
  58. arch_init.c
  59. async.c
  60. balloon.c
  61. block-migration.c
  62. block.c
  63. blockdev-nbd.c
  64. blockdev.c
  65. blockjob.c
  66. bt-host.c
  67. bt-vhci.c
  68. Changelog
  69. cmd.c
  70. cmd.h
  71. CODING_STYLE
  72. configure
  73. COPYING
  74. COPYING.LIB
  75. coroutine-gthread.c
  76. coroutine-sigaltstack.c
  77. coroutine-ucontext.c
  78. coroutine-win32.c
  79. cpu-exec.c
  80. cpus.c
  81. cputlb.c
  82. device-hotplug.c
  83. device_tree.c
  84. disas.c
  85. dma-helpers.c
  86. dump-stub.c
  87. dump.c
  88. exec.c
  89. gdbstub.c
  90. HACKING
  91. hmp-commands.hx
  92. hmp.c
  93. hmp.h
  94. iohandler.c
  95. ioport.c
  96. kvm-all.c
  97. kvm-stub.c
  98. LICENSE
  99. main-loop.c
  100. MAINTAINERS
  101. Makefile
  102. Makefile.objs
  103. Makefile.target
  104. memory.c
  105. memory_mapping-stub.c
  106. memory_mapping.c
  107. migration-exec.c
  108. migration-fd.c
  109. migration-tcp.c
  110. migration-unix.c
  111. migration.c
  112. monitor.c
  113. nbd.c
  114. os-posix.c
  115. os-win32.c
  116. page_cache.c
  117. qapi-schema-test.json
  118. qapi-schema.json
  119. qdev-monitor.c
  120. qdict-test-data.txt
  121. qemu-bridge-helper.c
  122. qemu-char.c
  123. qemu-coroutine-io.c
  124. qemu-coroutine-lock.c
  125. qemu-coroutine-sleep.c
  126. qemu-coroutine.c
  127. qemu-doc.texi
  128. qemu-img-cmds.hx
  129. qemu-img.c
  130. qemu-img.texi
  131. qemu-io.c
  132. qemu-log.c
  133. qemu-nbd.c
  134. qemu-nbd.texi
  135. qemu-options-wrapper.h
  136. qemu-options.h
  137. qemu-options.hx
  138. qemu-seccomp.c
  139. qemu-tech.texi
  140. qemu-timer.c
  141. qemu.sasl
  142. qmp-commands.hx
  143. qmp.c
  144. qtest.c
  145. readline.c
  146. README
  147. rules.mak
  148. savevm.c
  149. spice-qemu-char.c
  150. tcg-runtime.c
  151. tci.c
  152. thread-pool.c
  153. thunk.c
  154. trace-events
  155. translate-all.c
  156. translate-all.h
  157. user-exec.c
  158. VERSION
  159. version.rc
  160. vl.c
  161. xbzrle.c
  162. xen-all.c
  163. xen-mapcache.c
  164. xen-stub.c