From: Ikey Doherty <michael.i.doherty@intel.com>
To: Eduardo Habkost <ehabkost@redhat.com>
Cc: qemu-devel@nongnu.org, Stefan Hajnoczi <stefanha@redhat.com>
Subject: Re: [Qemu-devel] [PATCH v3 2/2] qemu-bridge-helper: Use stateless configuration for bridge.conf
Date: Tue, 26 May 2015 17:41:08 +0100 [thread overview]
Message-ID: <5564A224.20407@intel.com> (raw)
In-Reply-To: <20150526163859.GK28075@thinpad.lan.raisama.net>
On 26/05/15 17:38, Eduardo Habkost wrote:
> On Tue, May 26, 2015 at 01:54:07PM +0100, Ikey Doherty wrote:
>> The goal of stateless, and thus this change, is to separate OS configuration
>> from system administrator configuration. With this change we will read the
>> default configuration data from /usr/share/defaults/qemu, in the absence of
>> an overriding site administrator configuration in /etc/qemu.
>>
>> A key advantage of this change is enabling a sane and immutable default OS
>> configuration, that is resiliant to upgrades. Ultimate power is still left
>> to the system administrator, with the ability to override the defaults if
>> required. Lastly, given that the sane defaults are always available, the
>> administrator may simply remove their site-config files to reset the
>> configuration to the "factory defaults" (i.e. OS configuration).
>>
>> Signed-off-by: Ikey Doherty <michael.i.doherty@intel.com>
>> ---
>> configure | 2 ++
>> qemu-bridge-helper.c | 15 +++++++++------
>> 2 files changed, 11 insertions(+), 6 deletions(-)
>>
> [...]
>> -#define DEFAULT_ACL_FILE CONFIG_QEMU_CONFDIR "/bridge.conf"
>> +#define DEFAULT_ACL_FILE CONFIG_QEMU_DEFAULTDIR "/bridge.conf"
>> +#define SITE_ACL_FILE CONFIG_QEMU_CONFDIR "/bridge.conf"
>>
>> enum {
>> ACL_ALLOW = 0,
>> @@ -272,11 +273,13 @@ int main(int argc, char **argv)
>>
>> /* parse default acl file */
>> QSIMPLEQ_INIT(&acl_list);
>> - if (parse_acl_file(DEFAULT_ACL_FILE, &acl_list) == -1) {
>> - fprintf(stderr, "failed to parse default acl file `%s'\n",
>> - DEFAULT_ACL_FILE);
>> - ret = EXIT_FAILURE;
>> - goto cleanup;
>> + if (parse_acl_file(SITE_ACL_FILE, &acl_list) == -1) {
>> + if (parse_acl_file(DEFAULT_ACL_FILE, &acl_list) == -1) {
>> + fprintf(stderr, "failed to parse default acl file `%s'\n",
>> + DEFAULT_ACL_FILE);
>> + ret = EXIT_FAILURE;
>> + goto cleanup;
>> + }
>> }
>
> This will make syntax errors on SITE_ACL_FILE cause partial loading of
> the rules on SITE_ACL_FILE, and trigger loading of DEFAULT_ACL_FILE,
> instead of aborting bridge-helper.
>
> Wouldn't it be better to fallback to DEFAULT_ACL_FILE if and only if
> SITE_ACL_FILE is missing?
>
I could stat the file and fallback to default, and only parse_acl_file
the one that exists. Better?
--
Clear Linux Project for Intel Architecture
Intel Open Source Technology Center
http://www.clearlinux.org
next prev parent reply other threads:[~2015-05-26 16:41 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-05-22 15:42 [Qemu-devel] [PATCH] arch_init: Use stateless configuration for default target_${target}.conf Ikey Doherty
2015-05-22 21:58 ` Eric Blake
2015-05-26 11:11 ` [Qemu-devel] [PATCH v2] " Ikey Doherty
2015-05-26 11:23 ` Paolo Bonzini
2015-05-26 12:54 ` [Qemu-devel] [PATCH v3 1/2] arch_init: Drop target-x86_64.conf Ikey Doherty
2015-05-26 12:54 ` [Qemu-devel] [PATCH v3 2/2] qemu-bridge-helper: Use stateless configuration for bridge.conf Ikey Doherty
2015-05-26 14:00 ` Paolo Bonzini
2015-05-26 16:38 ` Eduardo Habkost
2015-05-26 16:41 ` Ikey Doherty [this message]
2015-05-26 16:57 ` Eduardo Habkost
2015-05-27 14:02 ` Stefan Hajnoczi
2015-05-27 14:00 ` Stefan Hajnoczi
2015-05-26 14:00 ` [Qemu-devel] [PATCH v3 1/2] arch_init: Drop target-x86_64.conf Paolo Bonzini
2015-05-26 16:25 ` Eduardo Habkost
2015-05-26 16:29 ` Paolo Bonzini
2015-05-26 16:40 ` Eduardo Habkost
2015-05-26 16:51 ` Paolo Bonzini
2015-05-26 16:59 ` Eduardo Habkost
2015-05-26 16:30 ` Ikey Doherty
2015-05-26 15:37 ` Eric Blake
2015-05-26 17:01 ` Eduardo Habkost
2015-05-26 11:13 ` [Qemu-devel] [PATCH] arch_init: Use stateless configuration for default target_${target}.conf Ikey Doherty
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5564A224.20407@intel.com \
--to=michael.i.doherty@intel.com \
--cc=ehabkost@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=stefanha@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.