From: "Daniel P. Berrange" <berrange@redhat.com>
To: Eric Blake <eblake@redhat.com>
Cc: zhanghailiang <zhang.zhanghailiang@huawei.com>,
	Li Zhijian <lizhijian@cn.fujitsu.com>,
	yunhong.jiang@intel.com, eddie.dong@intel.com,
	qemu-devel@nongnu.org, dgilbert@redhat.com,
	Gao feng <gaofeng@cn.fujitsu.com>,
	stefanha@redhat.com, pbonzini@redhat.com,
	peter.huangpeng@huawei.com
Subject: Re: [Qemu-devel] [PATCH RFC v3 17/27] COLO: Add new command parameter 'colo_nicname' 'colo_script' for net
Date: Tue, 24 Feb 2015 17:24:10 +0000
Message-ID: <20150224172410.GT21611@redhat.com>
In-Reply-To: <54ECA740.4050701@redhat.com>

On Tue, Feb 24, 2015 at 09:30:56AM -0700, Eric Blake wrote:
> On 02/24/2015 02:50 AM, Wen Congyang wrote:
> >> Script files are in general very hard to secure.  Libvirt marks any
> >> domain that uses a script file for controlling networking as tainted,
> >> because it cannot guarantee that the script did not do arbitrary
> >> actions.  Can you come up with any better solution that does not require
> >> a script file, such as having management software responsible for
> >> passing in an already-opened fd?
> > 
> > Do you mean opening the script in libvirt?
> > 
> 
> No, I mean a solution that needs no script file at all.  Have libvirt
> pre-open the TAP device you will need, then pass in the fd that will be
> used for the colo NIC.

Agreed, we really must not add new features that require executing
arbitrary blackbox shell scripts to QEMU, when we know that results in
a flawed security model. And just pushing the script execution up to
libvirt is not really a satisfactory solution either.

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|
