From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([140.186.70.92]:45127)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <berrange@redhat.com>) id 1Q9Yp8-0001gw-Os
	for qemu-devel@nongnu.org; Tue, 12 Apr 2011 04:19:52 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <berrange@redhat.com>) id 1Q9Yp4-00089y-D7
	for qemu-devel@nongnu.org; Tue, 12 Apr 2011 04:19:46 -0400
Received: from mx1.redhat.com ([209.132.183.28]:60934)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <berrange@redhat.com>) id 1Q9Yp4-00089j-1r
	for qemu-devel@nongnu.org; Tue, 12 Apr 2011 04:19:42 -0400
Date: Tue, 12 Apr 2011 09:19:32 +0100
From: "Daniel P. Berrange" <berrange@redhat.com>
Message-ID: <20110412081932.GC10071@redhat.com>
References: <BANLkTin3+Hz2kmLnVTDrLyzQUs-Ksvvc0w@mail.gmail.com>
	<20110412075214.GA10071@redhat.com> <4DA40904.2040103@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <4DA40904.2040103@redhat.com>
Subject: Re: [Qemu-devel] To O_EXCL or not to O_EXCL open host_cdrom
Reply-To: "Daniel P. Berrange" <berrange@redhat.com>
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <http://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Kevin Wolf <kwolf@redhat.com>
Cc: Stefan Hajnoczi <stefanha@gmail.com>, qemu-devel <qemu-devel@nongnu.org>, Markus Armbruster <armbru@redhat.com>, Ryan Harper <ryanh@us.ibm.com>, Amit Shah <amit.shah@redhat.com>, Christoph Hellwig <hch@lst.de>

On Tue, Apr 12, 2011 at 10:10:44AM +0200, Kevin Wolf wrote:
> Am 12.04.2011 09:52, schrieb Daniel P. Berrange:
> >  - If the -drive specification has  readonly=on (thus O_RDONLY to
> >    open(2) call) , I expect QEMU (or the kernel) to forbid the
> >    "eject" command on the host CDROM. This should prevent two guests
> >    interfering seriously with each other.
> > 
> > So I think using O_EXCL would be OK, in the case where the block
> > driver was  host_cdrom and readonly=off.
> 
> This would overload readonly with a completely unrelated option (should
> eject be allowed). Doesn't sound like a great idea.

Use of the "host_cdrom" block driver enables passthrough of
commands to the host device.

Use of "readonly" is what controls whether individual passthrough
commands are actually permitted.

To me, "readonly" means don't allow anything that would impact
another guests view of the file/device. So forbidding 'eject'
is within scope of that IMHO.

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|