Message-ID: <54E2825B.9040500@redhat.com>
Date: Mon, 16 Feb 2015 16:50:51 -0700
From: Eric Blake
Subject: Re: [Qemu-devel] [PATCH RFC v3 17/27] COLO: Add new command parameter 'colo_nicname' 'colo_script' for net
To: zhanghailiang, qemu-devel@nongnu.org
Cc: Li Zhijian, yunhong.jiang@intel.com, eddie.dong@intel.com, dgilbert@redhat.com, peter.huangpeng@huawei.com, Gao feng, stefanha@redhat.com, pbonzini@redhat.com
References: <1423711034-5340-1-git-send-email-zhang.zhanghailiang@huawei.com> <1423711034-5340-18-git-send-email-zhang.zhanghailiang@huawei.com>
In-Reply-To: <1423711034-5340-18-git-send-email-zhang.zhanghailiang@huawei.com>

On 02/11/2015 08:17 PM, zhanghailiang wrote:
> The 'colo_nicname' should be assigned with network name,
> for exmple, 'eth2'. It will be parameter of 'colo_script',

s/exmple/example/

> 'colo_script' should be assigned with an scirpt path.

s/an scirpt/a script/

>
> We parse these parameter in tap.

Script files are in general very hard to secure.  Libvirt marks any
domain that uses a script file for controlling networking as tainted,
because it cannot guarantee that the script did not do arbitrary
actions.  Can you come up with any better solution that does not require
a script file, such as having management software responsible for
passing in an already-opened fd?

>
> Signed-off-by: zhanghailiang
> Signed-off-by: Gao feng
> Signed-off-by: Li Zhijian
> ---
> include/net/net.h | 4 ++++
> net/tap.c | 27 ++++++++++++++++++++++++---
> qapi-schema.json | 8 +++++++-
> qemu-options.hx | 10 +++++++++-
> 4 files changed, 44 insertions(+), 5 deletions(-)
>
> +++ b/qapi-schema.json
> @@ -2101,6 +2101,10 @@
> #
> # @queues: #optional number of queues to be created for multiqueue cap= able tap
> #
> +# @colo_nicname: #optional the host physical nic for QEMU (Since 2.3)
> +#
> +# @colo_script: #optional the script file which used by COLO (Since 2.= 3)

s/_/-/ in both parameter names, please.  Since they are optional, it
might be worth documenting what they default to when not present.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
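
Review bot: the added '@colo_script' line in the qapi-schema.json hunk documents the parameter only as "the script file which used by COLO"; it does not say when the script is run, what arguments it receives (the commit message says 'colo_nicname' is passed to it), or with what privileges it executes, which is what a reader needs in order to assess the script concern raised earlier in this reply. Suggest stating those points in the schema comment, fixing the grammar ("which is used by COLO"), and saying for '@colo_nicname' what the NIC is used for rather than only "for QEMU".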