From: "Daniel P. Berrange" <berrange@redhat.com>
To: Sascha Silbe <silbe@linux.vnet.ibm.com>
Cc: Michal Privoznik <mprivozn@redhat.com>,
qemu-devel@nongnu.org, amit.shah@redhat.com, jasowang@redhat.com,
Wei Xu <wexu@redhat.com>,
armbru@redhat.com
Subject: Re: [Qemu-devel] Channel paths (was: Re: [RFC Patch 0/3] Accept passed in socket 'fd' open from outside for unix socket)
Date: Fri, 3 Jun 2016 09:34:18 +0100 [thread overview]
Message-ID: <20160603083418.GB13827@redhat.com> (raw)
In-Reply-To: <201606021927.u52JB3YU031760@mx0a-001b2d01.pphosted.com>
On Thu, Jun 02, 2016 at 09:27:45PM +0200, Sascha Silbe wrote:
> Dear Daniel,
>
> "Daniel P. Berrange" <berrange@redhat.com> writes:
>
> > On Thu, Jun 02, 2016 at 09:41:56AM +0200, Michal Privoznik wrote:
> >> On 01.06.2016 18:16, Wei Xu wrote:
> >> > On 2016年06月01日 00:44, Daniel P. Berrange wrote:
> > There are plenty of other places where we allow arbitrary paths in the
> > XML, but which have restrictions imposed by the security drivers. Not
> > least the <channel> devices which have the exact same scenario as this
> > network device, and require use of /var/lib/libvirt/qemu as the directory
> > for the sockets. We certainly do not want to allow QEMU to create sockets
> > anywhere.
>
> Umm, how exactly is an application supposed to use (i.e. open) the
> channel devices defined in XML?
>
> Previously I deliberately left out the path in the XML to let libvirt
> choose the path and extracted it from the XML after defining the
> domain. This ensured qemu could access the path, plus it was the
> responsibility of libvirt to clean it up once the domain was
> undefined. Easy and simple.
>
> Since 71408079 [qemu: Don't bother user with libvirt-internal paths],
> the path chosen by libvirt isn't included in the domain XML anymore. So
> now I need to choose the path inside the application. The only safe way
> to do that is by using something in an application-managed namespace
> (e.g. /var/lib/myapp/foo or /tmp/myapp/foo); I certainly wouldn't want
> to second guess what paths would be safe inside the libvirt namespace
> (/var/lib/libvirt/qemu). Except now I hear that anything outside
> /var/lib/libvirt/qemu is not guaranteed to work due to e.g. the SELinux
> policy configured by libvirt...
IIUC that change 71408079 ought to only apply to the persistent XML
configuration on disk. When the guest is running the live XML ought
to still report the path libvirt chose, so you should still be able
to see it while running. If that isn't the case then please raise a
bug, because we certainly expect apps to be able to discover the
path libvirt picked for exactly the reason you describe
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
next prev parent reply other threads:[~2016-06-03 8:34 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <1464712247-11655-1-git-send-email-wexu@redhat.com>
[not found] ` <574DC83B.9010802@redhat.com>
2016-06-01 15:44 ` [Qemu-devel] [RFC Patch 0/3] Accept passed in socket 'fd' open from outside for unix socket Wei Xu
[not found] ` <20160531164448.GE21628@redhat.com>
2016-06-01 16:16 ` Wei Xu
2016-06-02 7:41 ` Michal Privoznik
2016-06-02 8:29 ` Daniel P. Berrange
2016-06-02 11:38 ` Michal Privoznik
2016-06-02 18:07 ` Wei Xu
2016-06-03 8:32 ` Daniel P. Berrange
2016-06-08 10:07 ` Amnon Ilan
[not found] ` <20160608212738.GH3073@plex>
[not found] ` <f7tvb1jxsfq.fsf@redhat.com>
2016-06-09 7:46 ` Amnon Ilan
2016-06-09 9:16 ` Daniel P. Berrange
2016-06-13 8:57 ` Michal Privoznik
2016-06-14 8:03 ` Wei Xu
2016-06-14 8:17 ` Daniel P. Berrange
2016-06-14 14:23 ` Aaron Conole
2016-06-14 17:50 ` Wei Xu
2016-06-14 12:47 ` Amnon Ilan
2016-06-14 14:21 ` Aaron Conole
2016-06-02 19:27 ` [Qemu-devel] Channel paths (was: Re: [RFC Patch 0/3] Accept passed in socket 'fd' open from outside for unix socket) Sascha Silbe
[not found] ` <201606021927.u52JB3YU031760@mx0a-001b2d01.pphosted.com>
2016-06-03 8:34 ` Daniel P. Berrange [this message]
2016-06-07 18:44 ` [Qemu-devel] Channel paths Sascha Silbe
2016-06-22 15:24 ` [Qemu-devel] [RFC Patch 0/3] Accept passed in socket 'fd' open from outside for unix socket Wei Xu
[not found] ` <1464712247-11655-3-git-send-email-wexu@redhat.com>
[not found] ` <574DC93E.4000700@redhat.com>
2016-06-01 16:20 ` [Qemu-devel] [RFC Patch 2/3] chardev: save the passed in 'fd' parameter during parsing Wei Xu
2016-06-22 15:26 ` Wei Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160603083418.GB13827@redhat.com \
--to=berrange@redhat.com \
--cc=amit.shah@redhat.com \
--cc=armbru@redhat.com \
--cc=jasowang@redhat.com \
--cc=mprivozn@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=silbe@linux.vnet.ibm.com \
--cc=wexu@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).