From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([208.118.235.92]:56654)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <coreyb@linux.vnet.ibm.com>) id 1TOrej-0003YR-4R
	for qemu-devel@nongnu.org; Thu, 18 Oct 2012 11:05:09 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <coreyb@linux.vnet.ibm.com>) id 1TOreh-000576-O9
	for qemu-devel@nongnu.org; Thu, 18 Oct 2012 11:05:05 -0400
Received: from e5.ny.us.ibm.com ([32.97.182.145]:46246)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <coreyb@linux.vnet.ibm.com>) id 1TOreh-00054L-Js
	for qemu-devel@nongnu.org; Thu, 18 Oct 2012 11:05:03 -0400
Received: from /spool/local
	by e5.ny.us.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only!
	Violators will be prosecuted
	for <qemu-devel@nongnu.org> from <coreyb@linux.vnet.ibm.com>;
	Thu, 18 Oct 2012 11:04:55 -0400
Received: from d01relay02.pok.ibm.com (d01relay02.pok.ibm.com [9.56.227.234])
	by d01dlp03.pok.ibm.com (Postfix) with ESMTP id B567BC900A4
	for <qemu-devel@nongnu.org>; Thu, 18 Oct 2012 10:59:53 -0400 (EDT)
Received: from d01av03.pok.ibm.com (d01av03.pok.ibm.com [9.56.224.217])
	by d01relay02.pok.ibm.com (8.13.8/8.13.8/NCO v10.0) with ESMTP id
	q9IExrC2139164
	for <qemu-devel@nongnu.org>; Thu, 18 Oct 2012 10:59:53 -0400
Received: from d01av03.pok.ibm.com (loopback [127.0.0.1])
	by d01av03.pok.ibm.com (8.14.4/8.13.1/NCO v10.0 AVout) with ESMTP id
	q9IExoHs013651
	for <qemu-devel@nongnu.org>; Thu, 18 Oct 2012 11:59:50 -0300
Message-ID: <50801965.1050402@linux.vnet.ibm.com>
Date: Thu, 18 Oct 2012 10:59:49 -0400
From: Corey Bryant <coreyb@linux.vnet.ibm.com>
MIME-Version: 1.0
References: <1350479712-15082-1-git-send-email-otubo@linux.vnet.ibm.com>
	<1350479712-15082-4-git-send-email-otubo@linux.vnet.ibm.com>
In-Reply-To: <1350479712-15082-4-git-send-email-otubo@linux.vnet.ibm.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] [PATCH 4/4] Warning messages on net devices hotplug
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Eduardo Otubo <otubo@linux.vnet.ibm.com>
Cc: pmoore@redhat.com, aliguori@us.ibm.com, qemu-devel@nongnu.org



On 10/17/2012 09:15 AM, Eduardo Otubo wrote:
> With the inclusion of the new "double whitelist" seccomp filter, Qemu
> won't be able to execve() in runtime, thus, no hotplug net devices
> allowed.
>
> Signed-off-by: Eduardo Otubo <otubo@linux.vnet.ibm.com>
> ---
>   hmp.c |  6 ++++++
>   net.c | 13 +++++++++++++
>   2 files changed, 19 insertions(+)
>
> diff --git a/hmp.c b/hmp.c
> index 70bdec2..f258338 100644
> --- a/hmp.c
> +++ b/hmp.c
> @@ -1091,6 +1091,12 @@ void hmp_netdev_add(Monitor *mon, const QDict *qdict)
>       Error *err = NULL;
>       QemuOpts *opts;
>
> +#ifdef CONFIG_SECCOMP
> +    error_set(&err, ERROR_CLASS_GENERIC_ERROR,
> +            "Cannot hotplug TAP device when -sandbox is in effect");
> +    goto out;
> +#endif
> +
>       opts = qemu_opts_from_qdict(qemu_find_opts("netdev"), qdict, &err);
>       if (error_is_set(&err)) {
>           goto out;
> diff --git a/net.c b/net.c
> index ae4bc0d..a652ee9 100644
> --- a/net.c
> +++ b/net.c
> @@ -752,6 +752,12 @@ void net_host_device_add(Monitor *mon, const QDict *qdict)
>       Error *local_err = NULL;
>       QemuOpts *opts;
>
> +#ifdef CONFIG_SECCOMP
> +    error_set(&local_err, ERROR_CLASS_GENERIC_ERROR,
> +            "Cannot hotplug TAP device when -sandbox is in effect");
> +    goto out;
> +#endif
> +
>       if (!net_host_check_device(device)) {
>           monitor_printf(mon, "invalid host network device %s\n", device);
>           return;
> @@ -765,6 +771,7 @@ void net_host_device_add(Monitor *mon, const QDict *qdict)
>       qemu_opt_set(opts, "type", device);
>
>       net_client_init(opts, 0, &local_err);
> +out:
>       if (error_is_set(&local_err)) {
>           qerror_report_err(local_err);
>           error_free(local_err);
> @@ -800,6 +807,12 @@ int qmp_netdev_add(Monitor *mon, const QDict *qdict, QObject **ret)
>       QemuOptsList *opts_list;
>       QemuOpts *opts;
>
> +#ifdef CONFIG_SECCOMP
> +    error_set(&local_err, ERROR_CLASS_GENERIC_ERROR,
> +            "Cannot hotplug TAP device when -sandbox is in effect");
> +    goto exit_err;
> +#endif
> +
>       opts_list = qemu_find_opts_err("netdev", &local_err);
>       if (error_is_set(&local_err)) {
>           goto exit_err;
>

I think you need to either remove "TAP" from these messages, or limit 
this new code to tap and bridge since those are the backends that call 
execve().

Also, this should be documented somewhere so that users can find out 
about this behavior before attempting to hotplug a network device. 
Perhaps this could be documented on the man page for -sandbox and notes 
could be added to the HMP/QMP commands.

-- 
Regards,
Corey Bryant