From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
To: Stefan Hajnoczi <stefanha@redhat.com>
Cc: virtio-fs@redhat.com,
"Marc-André Lureau" <marcandre.lureau@redhat.com>,
"Eryu Guan" <eguan@linux.alibaba.com>,
qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [RFC 0/3] virtiofsd: get/set log level via DBus
Date: Fri, 6 Sep 2019 11:35:23 +0100 [thread overview]
Message-ID: <20190906103523.GB2699@work-vm> (raw)
In-Reply-To: <20190906102926.GF5900@stefanha-x1.localdomain>
* Stefan Hajnoczi (stefanha@redhat.com) wrote:
> On Thu, Sep 05, 2019 at 06:40:21PM +0100, Dr. David Alan Gilbert wrote:
> > * Stefan Hajnoczi (stefanha@redhat.com) wrote:
> > > It is likely that virtiofsd will need to support "management commands" for
> > > reconfiguring it at runtime. The first use case was proposed by Eryu Guan for
> > > getting/setting the current log level.
> > >
> > > I promised to try out DBus as the management interface because it has a rich
> > > feature set and is accessible from most programming languages. It should be
> > > able to support all the use cases we come up with.
> > >
> > > This patch series is a prototype that implements the get-log-level and
> > > set-log-level management commands via DBus. Use the new virtiofsctl tool to
> > > talk to a running virtiofsd process:
> > >
> > > # dbus-run-session ./virtiofsd ...
> > > ...
> > > Using dbus address unix:abstract=/tmp/dbus-H9WBbpjk3O,guid=0be16acefb868e6025a8737f5d7124d2
> > > # export DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-H9WBbpjk3O,guid=0be16acefb868e6025a8737f5d7124d2
> > > # ./virtiofsctl set-log-level err
> > >
> > > Most of the work is done by gdbus-codegen(1). It generates code for the
> > > org.qemu.Virtiofsd.xml interface definition. Our code can use the simple
> > > virtiofsd_get/set_log_level() APIs and it will make corresponding DBus calls.
> > >
> > > I'm pretty happy with this approach because the code is straightforward. It
> > > hasn't even triggered seccomp failures yet :).
> >
> > Yes it's less complex than I'd worried.
> > Now, I do think we've got to think about how qemu in general is going to
> > use dbus as people were discussing it, because then we have to think
> > what the security aspects are - do we need to look at some calls only
> > available to some clients etc.
>
> The approach I took in this patch series is to launch a session bus just
> for this virtiofsd. The abstract socket unix(7) namespace used by GDBus
> by default does not offer any security. I think any process on the host
> can connect to it, regardless of uid/gid.
>
> A path like unix:path=/tmp/foo would allow us to use UNIX Domain Socket
> permissions as the main security mechanism.
Yes, that I'm fine with; my worry is that there was talk of much more
complex dbus setups coming out of the qemu world with many things being
connected; and then we have to think about security upfront.
> I'm not enthusiastic about
> using SELinux or some kind of DBus-specific policy language if we can
> avoid it because it's complex and obscure.
Right.
Dave
> Stefan
--
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK
next prev parent reply other threads:[~2019-09-06 10:36 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-09-05 15:21 [Qemu-devel] [RFC 0/3] virtiofsd: get/set log level via DBus Stefan Hajnoczi
2019-09-05 15:21 ` [Qemu-devel] [RFC 1/3] virtiofsd: add org.qemu.Virtiofsd interface Stefan Hajnoczi
2019-09-05 15:21 ` [Qemu-devel] [RFC 2/3] virtiofsd: add DBus server to handle log level changes Stefan Hajnoczi
2019-09-05 17:27 ` Dr. David Alan Gilbert
2019-09-06 10:23 ` Stefan Hajnoczi
2019-09-06 10:49 ` Daniel P. Berrangé
2019-09-06 11:12 ` Dr. David Alan Gilbert
2019-09-06 11:48 ` Daniel P. Berrangé
2019-09-05 15:21 ` [Qemu-devel] [RFC 3/3] virtiofsd: add virtiofsctl command-line management tool Stefan Hajnoczi
2019-09-05 17:12 ` Dr. David Alan Gilbert
2019-09-05 20:03 ` Marc-André Lureau
2019-09-06 10:33 ` Stefan Hajnoczi
2019-09-05 17:40 ` [Qemu-devel] [RFC 0/3] virtiofsd: get/set log level via DBus Dr. David Alan Gilbert
2019-09-06 10:29 ` Stefan Hajnoczi
2019-09-06 10:35 ` Dr. David Alan Gilbert [this message]
2019-09-06 11:03 ` Daniel P. Berrangé
2019-09-06 10:47 ` Daniel P. Berrangé
2019-09-09 12:37 ` Stefan Hajnoczi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190906103523.GB2699@work-vm \
--to=dgilbert@redhat.com \
--cc=eguan@linux.alibaba.com \
--cc=marcandre.lureau@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=stefanha@redhat.com \
--cc=virtio-fs@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).