From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:35955)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <wency@cn.fujitsu.com>) id 1YQCIU-0004Nm-21
	for qemu-devel@nongnu.org; Tue, 24 Feb 2015 05:01:02 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <wency@cn.fujitsu.com>) id 1YQCIP-0006qt-Rt
	for qemu-devel@nongnu.org; Tue, 24 Feb 2015 05:00:58 -0500
Received: from [59.151.112.132] (port=37965 helo=heian.cn.fujitsu.com)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <wency@cn.fujitsu.com>) id 1YQC5a-00016I-NX
	for qemu-devel@nongnu.org; Tue, 24 Feb 2015 04:47:39 -0500
Message-ID: <54EC494E.6000901@cn.fujitsu.com>
Date: Tue, 24 Feb 2015 17:50:06 +0800
From: Wen Congyang <wency@cn.fujitsu.com>
MIME-Version: 1.0
References: <1423711034-5340-1-git-send-email-zhang.zhanghailiang@huawei.com>	<1423711034-5340-18-git-send-email-zhang.zhanghailiang@huawei.com>
	<54E2825B.9040500@redhat.com>
In-Reply-To: <54E2825B.9040500@redhat.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] [PATCH RFC v3 17/27] COLO: Add new command
 parameter 'colo_nicname' 'colo_script' for net
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Eric Blake <eblake@redhat.com>, zhanghailiang <zhang.zhanghailiang@huawei.com>, qemu-devel@nongnu.org
Cc: Li Zhijian <lizhijian@cn.fujitsu.com>, yunhong.jiang@intel.com, eddie.dong@intel.com, dgilbert@redhat.com, peter.huangpeng@huawei.com, Gao feng <gaofeng@cn.fujitsu.com>, stefanha@redhat.com, pbonzini@redhat.com

On 02/17/2015 07:50 AM, Eric Blake wrote:
> On 02/11/2015 08:17 PM, zhanghailiang wrote:
>> The 'colo_nicname' should be assigned with network name,
>> for exmple, 'eth2'. It will be parameter of 'colo_script',
> 
> s/exmple/example/
> 
>> 'colo_script' should be assigned with an scirpt path.
> 
> s/an scirpt/a script/
> 
>>
>> We parse these parameter in tap.
> 
> Script files are in general very hard to secure.  Libvirt marks any
> domain that uses a script file for controlling networking as tainted,
> because it cannot guarantee that the script did not do arbitrary
> actions.  Can you come up with any better solution that does not require
> a script file, such as having management software responsible for
> passing in an already-opened fd?

Do you mean that opening the script in libvirt?

Thanks
Wen Congyang

> 
>>
>> Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
>> Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
>> Signed-off-by: Li Zhijian <lizhijian@cn.fujitsu.com>
>> ---
>>  include/net/net.h |  4 ++++
>>  net/tap.c         | 27 ++++++++++++++++++++++++---
>>  qapi-schema.json  |  8 +++++++-
>>  qemu-options.hx   | 10 +++++++++-
>>  4 files changed, 44 insertions(+), 5 deletions(-)
>>
> 
>> +++ b/qapi-schema.json
>> @@ -2101,6 +2101,10 @@
>>  #
>>  # @queues: #optional number of queues to be created for multiqueue capable tap
>>  #
>> +# @colo_nicname: #optional the host physical nic for QEMU (Since 2.3)
>> +#
>> +# @colo_script: #optional the script file which used by COLO (Since 2.3)
> 
> s/_/-/ in both parameter names, please.  Since they are optional, it
> might be worth documenting what they default to when not present.
>