From: Arnd Bergmann <arnd@arndb.de>
To: "Michael S. Tsirkin" <mst@redhat.com>
Cc: anthony@codemonkey.ws, virtualization@lists.linux-foundation.org,
kvm@vger.kernel.org, Rusty Russell <rusty@rustcorp.com.au>
Subject: Re: vhost-net todo list
Date: Wed, 16 Sep 2009 17:27:25 +0200
Message-ID: <200909161727.26153.arnd@arndb.de>
In-Reply-To: <20090916151922.GD5513@redhat.com>
On Wednesday 16 September 2009, Michael S. Tsirkin wrote:
> >
> > No, I think this is less important, because the bridge code
> > also doesn't do this.
>
> True, but the reason might be that it is much harder in bridge (you have
> to snoop multicast registrations). With macvlan you know which
> multicasts each device wants.

Right. It shouldn't be hard to do, and I'll probably get to
that after the other changes.

> > One of the problems that raw packet sockets have is the requirement
> > for root permissions (e.g. through libvirt). Tap sockets and
> > macvtap both don't have this limitation, so you can use them as
> > a regular user without libvirt.
>
> I don't see a huge difference here.
> If you are happy with the user being able to bypass filters in host,
> just give her CAP_NET_RAW capability. It does not have to be root.

Capabilities are nice in theory, but I've never seen them being used
effectively in practice, where it essentially comes down to some
SUID wrapper. Also, I might not want to allow the user to open a
random raw socket, but only one on a specific downstream
port of a macvlan interface, so I can filter out the data from
that respective MAC address in an external switch.

That scenario is probably not so relevant for KVM, unless you
consider the guest taking over the qemu host process a valid
security threat.

	Arnd <><
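The exchange above turns on whether opening a raw packet socket needs root or merely CAP_NET_RAW. The following is an added example, not code from this thread or from the vhost-net or macvlan work: a small Linux/C probe that reads the calling thread's effective capability set via the raw capget(2) syscall (so it needs no libcap) and then attempts to open an AF_PACKET socket, reporting the errno it gets. It is useful when auditing a qemu or helper process to confirm it really runs without CAP_NET_RAW, which is the least-privilege outcome tap and macvtap make possible. The function names are my own.

```c
/* Added example (not from the thread): does this process hold CAP_NET_RAW,
 * and can it therefore open an AF_PACKET raw socket? */
#include <arpa/inet.h>
#include <errno.h>
#include <linux/capability.h>
#include <linux/if_ether.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Returns 1 if CAP_NET_RAW is in the effective set, 0 if not, -1 on error.
 * Uses the raw capget syscall so that libcap is not required. */
int has_cap_net_raw(void)
{
    struct __user_cap_header_struct hdr;
    struct __user_cap_data_struct data[2];   /* v3 uses two 32-bit words */

    memset(&hdr, 0, sizeof hdr);
    memset(data, 0, sizeof data);
    hdr.version = _LINUX_CAPABILITY_VERSION_3;
    hdr.pid = 0;                             /* 0 = the calling thread */

    if (syscall(SYS_capget, &hdr, data) != 0)
        return -1;

    /* CAP_TO_INDEX / CAP_TO_MASK come from <linux/capability.h> */
    return (data[CAP_TO_INDEX(CAP_NET_RAW)].effective
            & CAP_TO_MASK(CAP_NET_RAW)) ? 1 : 0;
}

/* Tries to open a raw packet socket on all protocols.
 * Returns 0 on success, otherwise the errno from socket(2); an
 * unprivileged process gets EPERM because the kernel checks CAP_NET_RAW. */
int try_raw_packet_socket(void)
{
    int fd = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
    if (fd < 0)
        return errno;
    close(fd);
    return 0;
}

int main(void)
{
    int cap = has_cap_net_raw();
    int err = try_raw_packet_socket();

    printf("CAP_NET_RAW effective: %s\n",
           cap < 0 ? "unknown" : cap ? "yes" : "no");
    if (err == 0)
        printf("AF_PACKET raw socket: opened\n");
    else
        printf("AF_PACKET raw socket: failed (%s)\n", strerror(err));
    return 0;
}
```

Run it once as the unprivileged user that will own the qemu process and once under whatever wrapper grants CAP_NET_RAW; the first run should report "no" and EPERM, which is exactly the state Arnd argues for, since a compromised qemu process then cannot reach arbitrary raw sockets even though it still drives its tap or macvtap port.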