I recently saw a video from ShmooCon in which the author talked about using KVM for malware analysis.
https://www.youtube.com/watch?v=nD8IHtfzBAo
The author puts a backing file in /tmp since /tmp is RAM-based and very fast. However, when I try to create a backing file and do the same thing, I get an error when starting KVM. I am running on Fedora 18. Here is the error I get:
Error starting domain: internal error Process exited while reading console log output: char device redirected to /dev/pts/0
qemu-kvm: -drive file=/tmp/ram/winxp_backing.img,if=none,id=drive-ide0-0-0,format=qcow2,cache=none: could not open disk image /tmp/ram/winxp_backing.img: Invalid argument
Traceback (most recent call last):
File "/usr/share/virt-manager/virtManager/asyncjob.py", line 96, in cb_wrapper
callback(asyncjob, *args, **kwargs)
File "/usr/share/virt-manager/virtManager/asyncjob.py", line 117, in tmpcb
callback(*args, **kwargs)
File "/usr/share/virt-manager/virtManager/domain.py", line 1090, in startup
self._backend.create()
File "/usr/lib64/python2.7/site-packages/libvirt.py", line 678, in create
if ret == -1: raise libvirtError ('virDomainCreate() failed', dom=self)
libvirtError: internal error Process exited while reading console log output: char device redirected to /dev/pts/0
qemu-kvm: -drive file=/tmp/ram/winxp_backing.img,if=none,id=drive-ide0-0-0,format=qcow2,cache=none: could not open disk image /tmp/ram/winxp_backing.img: Invalid argument
Does anyone have any ideas? I unfortunately haven't found an email for the speaker to ask him, so I thought I would try here.
---------- Post added at 09:42 PM ---------- Previous post was at 09:32 PM ----------
Was digging through the author's script and he commented the answer. Can't use 'none' as the cache for the disk in KVM. Changing to writeback makes it actually work.
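
The error in this thread fits how QEMU treats cache=none: it opens the image with O_DIRECT, which a RAM-backed tmpfs can reject with EINVAL ("Invalid argument"). As an added example (not part of the original post or the speaker's script), the Python below probes a directory for O_DIRECT support and switches cache='none' to 'writeback' in a libvirt domain XML only where the probe fails; the sample XML, the second disk path and the function names are constructed for illustration.

```python
import errno
import os
import tempfile
import xml.etree.ElementTree as ET

# Constructed sample: one disk on the RAM-backed path from the post, one elsewhere.
SAMPLE_XML = """<domain type='kvm'>
  <devices>
    <disk type='file' device='disk'>
      <driver name='qemu' type='qcow2' cache='none'/>
      <source file='/tmp/ram/winxp_backing.img'/>
    </disk>
    <disk type='file' device='disk'>
      <driver name='qemu' type='qcow2' cache='none'/>
      <source file='/var/lib/libvirt/images/scratch.img'/>
    </disk>
  </devices>
</domain>"""


def supports_o_direct(directory):
    """Return True if a file in `directory` (must exist) opens with O_DIRECT."""
    fd, path = tempfile.mkstemp(dir=directory)
    os.close(fd)
    try:
        os.close(os.open(path, os.O_RDONLY | os.O_DIRECT))
        return True
    except OSError as exc:
        if exc.errno != errno.EINVAL:
            raise
        return False  # same "Invalid argument" that qemu-kvm reported
    finally:
        os.unlink(path)


def fix_cache_modes(domain_xml, probe=supports_o_direct):
    """Set cache='writeback' on file disks using cache='none' where O_DIRECT fails."""
    root = ET.fromstring(domain_xml)
    changed = []
    for disk in root.iter("disk"):
        source, driver = disk.find("source"), disk.find("driver")
        if source is None or driver is None or driver.get("cache") != "none":
            continue
        path = source.get("file")
        if path and not probe(os.path.dirname(path)):
            driver.set("cache", "writeback")
            changed.append(path)
    return ET.tostring(root, encoding="unicode"), changed
```

Because the probe actually attempts the open instead of assuming a filesystem type, disks on storage that accepts O_DIRECT keep cache='none'.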