From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([208.118.235.92]:41467)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <coreyb@linux.vnet.ibm.com>) id 1TR1o8-0008HE-Qh
	for qemu-devel@nongnu.org; Wed, 24 Oct 2012 10:19:50 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <coreyb@linux.vnet.ibm.com>) id 1TR1o1-0001aH-Tx
	for qemu-devel@nongnu.org; Wed, 24 Oct 2012 10:19:44 -0400
Received: from e7.ny.us.ibm.com ([32.97.182.137]:48852)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <coreyb@linux.vnet.ibm.com>) id 1TR1o1-0001aD-Pg
	for qemu-devel@nongnu.org; Wed, 24 Oct 2012 10:19:37 -0400
Received: from /spool/local
	by e7.ny.us.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only!
	Violators will be prosecuted
	for <qemu-devel@nongnu.org> from <coreyb@linux.vnet.ibm.com>;
	Wed, 24 Oct 2012 10:19:37 -0400
Received: from d01relay03.pok.ibm.com (d01relay03.pok.ibm.com [9.56.227.235])
	by d01dlp01.pok.ibm.com (Postfix) with ESMTP id 270AE38C80C4
	for <qemu-devel@nongnu.org>; Wed, 24 Oct 2012 10:18:25 -0400 (EDT)
Received: from d01av02.pok.ibm.com (d01av02.pok.ibm.com [9.56.224.216])
	by d01relay03.pok.ibm.com (8.13.8/8.13.8/NCO v10.0) with ESMTP id
	q9OEIJGG083178
	for <qemu-devel@nongnu.org>; Wed, 24 Oct 2012 10:18:19 -0400
Received: from d01av02.pok.ibm.com (loopback [127.0.0.1])
	by d01av02.pok.ibm.com (8.14.4/8.13.1/NCO v10.0 AVout) with ESMTP id
	q9OEI7mR029319
	for <qemu-devel@nongnu.org>; Wed, 24 Oct 2012 12:18:07 -0200
Message-ID: <5087F899.2030604@linux.vnet.ibm.com>
Date: Wed, 24 Oct 2012 10:18:01 -0400
From: Corey Bryant <coreyb@linux.vnet.ibm.com>
MIME-Version: 1.0
References: <1350479712-15082-1-git-send-email-otubo@linux.vnet.ibm.com>
	<1350479712-15082-4-git-send-email-otubo@linux.vnet.ibm.com>
	<50801D29.2080305@redhat.com>
In-Reply-To: <50801D29.2080305@redhat.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] [PATCH 4/4] Warning messages on net devices hotplug
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Paolo Bonzini <pbonzini@redhat.com>
Cc: pmoore@redhat.com, aliguori@us.ibm.com, qemu-devel@nongnu.org, Eduardo Otubo <otubo@linux.vnet.ibm.com>



On 10/18/2012 11:15 AM, Paolo Bonzini wrote:
> Il 17/10/2012 15:15, Eduardo Otubo ha scritto:
>> With the inclusion of the new "double whitelist" seccomp filter, Qemu
>> won't be able to execve() in runtime, thus, no hotplug net devices
>> allowed.
>>
>> Signed-off-by: Eduardo Otubo <otubo@linux.vnet.ibm.com>
>
> Please check this in net_init_tap instead.  When using libvirt, hotplug
> is done with a completely different mechanism that involves
> file-descriptor passing and does not require executing a helper.
>
> Paolo
>

Are you sure net_init_tap() is the right place for this check?  We only 
want to prevent execve() after main_loop() is entered.  In other words 
we want to allow execve() caused by a command line option (e.g. -net 
tap) but we want to prevent execve() when it is the result of a monitor 
command (e.g. netdev_add tap).

>> ---
>>   hmp.c |  6 ++++++
>>   net.c | 13 +++++++++++++
>>   2 files changed, 19 insertions(+)
>>
>> diff --git a/hmp.c b/hmp.c
>> index 70bdec2..f258338 100644
>> --- a/hmp.c
>> +++ b/hmp.c
>> @@ -1091,6 +1091,12 @@ void hmp_netdev_add(Monitor *mon, const QDict *qdict)
>>       Error *err = NULL;
>>       QemuOpts *opts;
>>
>> +#ifdef CONFIG_SECCOMP
>> +    error_set(&err, ERROR_CLASS_GENERIC_ERROR,
>> +            "Cannot hotplug TAP device when -sandbox is in effect");
>> +    goto out;
>> +#endif
>> +
>>       opts = qemu_opts_from_qdict(qemu_find_opts("netdev"), qdict, &err);
>>       if (error_is_set(&err)) {
>>           goto out;
>> diff --git a/net.c b/net.c
>> index ae4bc0d..a652ee9 100644
>> --- a/net.c
>> +++ b/net.c
>> @@ -752,6 +752,12 @@ void net_host_device_add(Monitor *mon, const QDict *qdict)
>>       Error *local_err = NULL;
>>       QemuOpts *opts;
>>
>> +#ifdef CONFIG_SECCOMP
>> +    error_set(&local_err, ERROR_CLASS_GENERIC_ERROR,
>> +            "Cannot hotplug TAP device when -sandbox is in effect");
>> +    goto out;
>> +#endif
>> +
>>       if (!net_host_check_device(device)) {
>>           monitor_printf(mon, "invalid host network device %s\n", device);
>>           return;
>> @@ -765,6 +771,7 @@ void net_host_device_add(Monitor *mon, const QDict *qdict)
>>       qemu_opt_set(opts, "type", device);
>>
>>       net_client_init(opts, 0, &local_err);
>> +out:
>>       if (error_is_set(&local_err)) {
>>           qerror_report_err(local_err);
>>           error_free(local_err);
>> @@ -800,6 +807,12 @@ int qmp_netdev_add(Monitor *mon, const QDict *qdict, QObject **ret)
>>       QemuOptsList *opts_list;
>>       QemuOpts *opts;
>>
>> +#ifdef CONFIG_SECCOMP
>> +    error_set(&local_err, ERROR_CLASS_GENERIC_ERROR,
>> +            "Cannot hotplug TAP device when -sandbox is in effect");
>> +    goto exit_err;
>> +#endif
>> +
>>       opts_list = qemu_find_opts_err("netdev", &local_err);
>>       if (error_is_set(&local_err)) {
>>           goto exit_err;
>>
>
>
>
>

-- 
Regards,
Corey Bryant