Message-ID: <54ED85FB.8040304@huawei.com>
Date: Wed, 25 Feb 2015 16:21:15 +0800
From: zhanghailiang
In-Reply-To: <20150224172410.GT21611@redhat.com>
Subject: Re: [Qemu-devel] [PATCH RFC v3 17/27] COLO: Add new command parameter 'colo_nicname' 'colo_script' for net
To: "Daniel P. Berrange", Eric Blake
Cc: hangaohuai@huawei.com, Li Zhijian, yunhong.jiang@intel.com, eddie.dong@intel.com, peter.huangpeng@huawei.com, qemu-devel@nongnu.org, Gao feng, stefanha@redhat.com, pbonzini@redhat.com, dgilbert@redhat.com

On 2015/2/25 1:24, Daniel P. Berrange wrote:
> On Tue, Feb 24, 2015 at 09:30:56AM -0700, Eric Blake wrote:
>> On 02/24/2015 02:50 AM, Wen Congyang wrote:
>>>> Script files are in general very hard to secure. Libvirt marks any
>>>> domain that uses a script file for controlling networking as tainted,
>>>> because it cannot guarantee that the script did not do arbitrary
>>>> actions. Can you come up with any better solution that does not require
>>>> a script file, such as having management software responsible for
>>>> passing in an already-opened fd?
>>>
>>> Do you mean that opening the script in libvirt?
>>>
>>
>> No, I mean a solution that needs no script file at all. Have libvirt
>> pre-open the TAP device you will need, then pass in the fd that will be
>> used for the colo NIC.
>
> Agreed, we really must not add new features that require executing
> arbitrary blackbox shell scripts to QEMU, when we know that results in
> a flawed security model. And just pushing the script execution up to
> libvirt is not really a satisfactory solution either.
>

Hmm, this script is mainly used for controlling net packet forward by using
tc command and setting iptable rules for colo by using iptables command.

Is there any API for Linux iptables and tc (traffic control)?

Thanks,
zhanghailiang