Originally I thought it would be enough to simply:
* check if image had a backing store, if not, convert it to raw
* use the raw image
However, this shows that that is insufficient, as the attacker could put inside the first level qcow image a second level qcow image that. That one would survive.
So, my revised solution would be to:
* check if image has backing store, if so, convert it to raw
* check file format of 'raw' image, if it is not raw, raise error
* use raw image
Originally I thought it would be enough to simply:
* check if image had a backing store, if not, convert it to raw
* use the raw image
However, this shows that that is insufficient, as the attacker could put inside the first level qcow image a second level qcow image that. That one would survive.
So, my revised solution would be to:
* check if image has backing store, if so, convert it to raw
* check file format of 'raw' image, if it is not raw, raise error
* use raw image