From mboxrd@z Thu Jan 1 00:00:00 1970 
From: Jim Fehlig
Subject: [PATCH] Prevent vif-bridge from adding user-created taps to a bridge
Date: Tue, 25 Oct 2011 17:06:19 -0600
Message-ID: <4EA740EB.7030804@suse.com>
To: xen-devel
List-Id: xen-devel@lists.xenproject.org

I previously sent this from my @suse.com mail address without having subscribed it. Sending again now that I have done so...

I received a report that vif-bridge adds any tap interface to a bridge, regardless if xen is running and who created the tap interface. E.g.

    # tunctl -p -t tap42

will cause vif-bridge to be executed as per the following rule in xen-backend.rules

    SUBSYSTEM=="net", KERNEL=="tap*", ACTION=="add", RUN+="/etc/xen/scripts/vif-setup $env{ACTION} type_if=tap"

I'm not sure how to improve the rule to prevent execution of vif-setup in this case. But it seems better to handle it in vif-bridge anyhow, by not connecting the interface to a bridge if there is no corresponding info in xenstore. Something along the lines of the attached quick patch.

Comments?

Thanks!
Jim

# HG changeset patch
# User Jim Fehlig
# Date 1319581952 21600
# Node ID 74da2a3a1db1476d627f42e4a99e9e720cc6774d
# Parent 6c583d35d76dda2236c81d9437ff9d57ab02c006
Prevent vif-bridge from adding user-created tap interfaces to a bridge

Exit vif-bridge script if there is no device info in xenstore, preventing it from adding user-created taps to bridges.

Signed-off-by: Jim Fehlig diff -r 6c583d35d76d -r 74da2a3a1db1 tools/hotplug/Linux/vif-bridge --- a/tools/hotplug/Linux/vif-bridge Thu Oct 20 15:36:01 2011 +0100 +++ b/tools/hotplug/Linux/vif-bridge Tue Oct 25 16:32:32 2011 -0600 @@ -31,6 +31,13 @@ dir=$(dirname "$0") . "$dir/vif-common.sh" + +domu=$(xenstore_read_default "$XENBUS_PATH/domain" "") +if [ -z "$domu" ] +then + log debug "No device details in $XENBUS_PATH, exiting." + exit 0 +fi bridge=${bridge:-} bridge=$(xenstore_read_default "$XENBUS_PATH/bridge" "$bridge")
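
Review bot: The new guard sits after `. "$dir/vif-common.sh"`, so whatever that file does at source time still runs for a user-created tap before the script decides to exit; if the intent is that vif-bridge does nothing at all for interfaces Xen does not own, it is worth confirming that sourcing vif-common.sh is harmless in that case or noting the dependency in a comment. The test also keys on a single node, `$XENBUS_PATH/domain`, while the commit message speaks of "no device info in xenstore"; a short comment above `domu=$(xenstore_read_default "$XENBUS_PATH/domain" "")` saying why this node is the one that distinguishes a Xen-created tap would help later readers, and the hunk does not show `XENBUS_PATH` itself being checked, so if it can be empty here the read targets `/domain` and the log line prints an empty path. Finally, the skip is reported only at `debug` level and returns `exit 0`, which means a Xen-owned interface whose xenstore entry is missing is silently left off the bridge; consider a more visible log level for that branch.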