Re: [qemu-web PATCH] Add a blog post about FUSE block exports

From: Stefan Hajnoczi <stefanha@redhat.com>
To: Hanna Reitz <hreitz@redhat.com>
Cc: Kevin Wolf <kwolf@redhat.com>, qemu-devel@nongnu.org
Subject: Re: [qemu-web PATCH] Add a blog post about FUSE block exports
Date: Fri, 20 Aug 2021 15:27:34 +0100	[thread overview]
Message-ID: <YR+71uio1KT40tc+@stefanha-x1.localdomain> (raw)
In-Reply-To: <46a68d5c-cfc1-e521-8c6b-90eb74c85ede@redhat.com>

[-- Attachment #1: Type: text/plain, Size: 2975 bytes --]

On Fri, Aug 20, 2021 at 09:56:54AM +0200, Hanna Reitz wrote:
> On 19.08.21 18:23, Stefan Hajnoczi wrote:
> > On Thu, Aug 19, 2021 at 12:25:01PM +0200, Hanna Reitz wrote:
> > > This post explains when FUSE block exports are useful, how they work,
> > > and that it is fun to export an image file on its own path so it looks
> > > like your image file (in whatever format it was) is a raw image now.
> > > 
> > > Signed-off-by: Hanna Reitz <hreitz@redhat.com>
> > > ---
> > > You can also find this patch here:
> > > https://gitlab.com/hreitz/qemu-web fuse-blkexport-v1
> > > 
> > > My first patch to qemu-web, so I hope I am not doing anything overly
> > > stupid here (adding SVGs with extremely long lines comes to mind)...
> > > ---
> > >   _posts/2021-08-18-fuse-blkexport.md       | 488 ++++++++++++++++++++++
> > >   screenshots/2021-08-18-block-graph-a.svg  |   2 +
> > >   screenshots/2021-08-18-block-graph-b.svg  |   2 +
> > >   screenshots/2021-08-18-block-graph-c.svg  |   2 +
> > >   screenshots/2021-08-18-block-graph-d.svg  |   2 +
> > >   screenshots/2021-08-18-block-graph-e.svg  |   2 +
> > >   screenshots/2021-08-18-root-directory.svg |   2 +
> > >   screenshots/2021-08-18-root-file.svg      |   2 +
> > >   8 files changed, 502 insertions(+)
> > >   create mode 100644 _posts/2021-08-18-fuse-blkexport.md
> > >   create mode 100644 screenshots/2021-08-18-block-graph-a.svg
> > >   create mode 100644 screenshots/2021-08-18-block-graph-b.svg
> > >   create mode 100644 screenshots/2021-08-18-block-graph-c.svg
> > >   create mode 100644 screenshots/2021-08-18-block-graph-d.svg
> > >   create mode 100644 screenshots/2021-08-18-block-graph-e.svg
> > >   create mode 100644 screenshots/2021-08-18-root-directory.svg
> > >   create mode 100644 screenshots/2021-08-18-root-file.svg
> > Great! Two ideas:
> > 
> > It would be nice to include a shoutout to libguestfs and mention that
> > libguestfs avoids exposing the host kernel's file systems and partion
> > code to untrusted disk images. If you don't mount the image then the
> > FUSE export has similar security properties.
> 
> Oh, right!  Absolutely.
> 
> Though now I do wonder why one would actually want to use QEMU’s FUSE
> exports then...
> 
> Looks like the performance isn’t as bad as I claimed (for me around 1.5G/s
> for reading/writing from/to a raw image on tmpfs), so perhaps that’s one
> point.  Another is probably that FUSE exports are better suited when you
> actually want access to the whole image.  I guess.

I see a use case for applications that want to do something with the
disk image data themselves, e.g. backup, entropy, data recovery, etc.
They could use NBD but opening a regular file on a FUSE file system is
even easier.

The host kernel won't be exposed, so it's reason as long as the
application itself isn't doing anything risky (e.g. no parsing or parser
written in a memory-safe language).

Stefan

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]