Re: [Qemu-devel] [PATCH 4/4] Warning messages on net devices hotplug

[Paolo Bonzini <pbonzini@redhat.com>]

Il 24/10/2012 17:39, Corey Bryant ha scritto:
> 
> 
> On 10/24/2012 11:21 AM, Paolo Bonzini wrote:
>> Il 24/10/2012 16:18, Corey Bryant ha scritto:
>>>
>>>
>>> On 10/18/2012 11:15 AM, Paolo Bonzini wrote:
>>>> Il 17/10/2012 15:15, Eduardo Otubo ha scritto:
>>>>> With the inclusion of the new "double whitelist" seccomp filter, Qemu
>>>>> won't be able to execve() in runtime, thus, no hotplug net devices
>>>>> allowed.
>>>>>
>>>>> Signed-off-by: Eduardo Otubo <otubo@linux.vnet.ibm.com>
>>>>
>>>> Please check this in net_init_tap instead.  When using libvirt, hotplug
>>>> is done with a completely different mechanism that involves
>>>> file-descriptor passing and does not require executing a helper.
>>>>
>>>> Paolo
>>>>
>>>
>>> Are you sure net_init_tap() is the right place for this check?
>>
>> Yes, assuming there is a global that says whether the seccomp sandbox is
>> in effect.  Even something like "if (sandbox_active && !tap->has_fd)
>> error(...)" can be enough.
>>
>> Paolo
>>
> 
> What do you think about this? It moves the checks into the functions
> that actually cause execve() to be called, and it only prevents the
> commands after QEMU is done with initialization in main().

It doesn't do error reporting correctly because these functions do not
get an Error **.  If you change that and use error_setg instead of
error_report, it should be okay.

However, I really think what your testing is not
runstate_is_prelaunch(), it is seccomp_effective().  If you structure
the test like that, it also lets you eliminate the #ifdef (which in
general we prefer to avoid).

Paolo