Comment 42 for bug 1890501

melanie witt (melwitt) wrote : Re: Soft reboot after live-migration reverts instance to original source domain XML (CVE-2020-17376)

> Dumping some additional context in here after talking to danpb (libvirt/QEMU) about the underlying libvirt migrateToURI3 behaviour. It looks like v1.2.20 initially introduced the libvirt behaviour of copying the source persistent domain definition across to the destination in order to ensure something is persisted when VIR_MIGRATE_PARAM_DEST_XML wasn't provided but the VIR_MIGRATE_PERSIST_DEST flag was. Later v1.3.4 then introduced VIR_MIGRATE_PARAM_PERSIST_XML to overwrite the persistent domain on the destination.

The master - stein patches LGTM but I don't yet understand the situation for rocky and queens.

I'm not clear on what the behavior < v1.3.4 is before VIR_MIGRATE_PARAM_PERSIST_XML existed and when VIR_MIGRATE_PERSIST_DEST was specified by itself. I tried to look at the patch where it was introduced [1] and I don't see how/why it wouldn't have the vulnerability of exposing other tenants' data upon soft reboot. Am I misunderstanding this? If I'm not misunderstanding, does that mean there's no way to fix this problem for libvirt < v1.3.4?

[1] https://www.redhat.com/archives/libvir-list/2016-March/msg00789.html