Message-ID: <55647C97.9040302@redhat.com>
Date: Tue, 26 May 2015 16:00:55 +0200
From: Paolo Bonzini
References: <55645794.3020202@redhat.com> <1432644847-7566-1-git-send-email-michael.i.doherty@intel.com> <1432644847-7566-2-git-send-email-michael.i.doherty@intel.com>
In-Reply-To: <1432644847-7566-2-git-send-email-michael.i.doherty@intel.com>
Subject: Re: [Qemu-devel] [PATCH v3 2/2] qemu-bridge-helper: Use stateless configuration for bridge.conf
To: Ikey Doherty , qemu-devel@nongnu.org, Stefan Hajnoczi

CCing maintainer.

Paolo

On 26/05/2015 14:54, Ikey Doherty wrote:
> The goal of stateless, and thus this change, is to separate OS configuration
> from system administrator configuration. With this change we will read the
> default configuration data from /usr/share/defaults/qemu, in the absence of
> an overriding site administrator configuration in /etc/qemu.
>
> A key advantage of this change is enabling a sane and immutable default OS
> configuration, that is resilient to upgrades. Ultimate power is still left
> to the system administrator, with the ability to override the defaults if
> required. Lastly, given that the sane defaults are always available, the
> administrator may simply remove their site-config files to reset the
> configuration to the "factory defaults" (i.e. OS configuration).
>
> Signed-off-by: Ikey Doherty
> --- > configure | 2 ++ > qemu-bridge-helper.c | 15 +++++++++------ > 2 files changed, 11 insertions(+), 6 deletions(-) > > diff --git a/configure b/configure > index f758f32..a0b6477 100755 > --- a/configure > +++ b/configure > @@ -4303,6 +4303,7 @@ fi > qemu_confdir=$sysconfdir$confsuffix > qemu_moddir=$libdir$confsuffix > qemu_datadir=$datadir$confsuffix > +qemu_defaultdir="$datadir/defaults$confsuffix" > qemu_localedir="$datadir/locale" > > tools=""
> @@ -4543,6 +4544,7 @@ echo "mandir=$mandir" >> $config_host_mak > echo "sysconfdir=$sysconfdir" >> $config_host_mak > echo "qemu_confdir=$qemu_confdir" >> $config_host_mak > echo "qemu_datadir=$qemu_datadir" >> $config_host_mak > +echo "qemu_defaultdir=$qemu_defaultdir" >> $config_host_mak > echo "qemu_docdir=$qemu_docdir" >> $config_host_mak > echo "qemu_moddir=$qemu_moddir" >> $config_host_mak > if test "$mingw32" = "no" ; then > diff --git a/qemu-bridge-helper.c b/qemu-bridge-helper.c > index 36eb3bc..0f795f4 100644 > --- a/qemu-bridge-helper.c > +++ b/qemu-bridge-helper.c > @@ -47,7 +47,8 @@ > #include > #endif > > -#define DEFAULT_ACL_FILE CONFIG_QEMU_CONFDIR "/bridge.conf" > +#define DEFAULT_ACL_FILE CONFIG_QEMU_DEFAULTDIR "/bridge.conf" > +#define SITE_ACL_FILE CONFIG_QEMU_CONFDIR "/bridge.conf" > > enum { > ACL_ALLOW = 0, > @@ -272,11 +273,13 @@ int main(int argc, char **argv) > > /* parse default acl file */ > QSIMPLEQ_INIT(&acl_list); > - if (parse_acl_file(DEFAULT_ACL_FILE, &acl_list) == -1) { > - fprintf(stderr, "failed to parse default acl file `%s'\n", > - DEFAULT_ACL_FILE); > - ret = EXIT_FAILURE; > - goto cleanup; > + if (parse_acl_file(SITE_ACL_FILE, &acl_list) == -1) { > + if (parse_acl_file(DEFAULT_ACL_FILE, &acl_list) == -1) { > + fprintf(stderr, "failed to parse default acl file `%s'\n", > + DEFAULT_ACL_FILE); > + ret = EXIT_FAILURE; > + goto cleanup; > + } > } > > /* validate bridge against acl -- default policy is to deny >
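
Review bot: in the qemu-bridge-helper.c hunk at @@ -47,7 +47,8 @@, DEFAULT_ACL_FILE keeps its name but changes meaning, from CONFIG_QEMU_CONFDIR "/bridge.conf" to CONFIG_QEMU_DEFAULTDIR "/bridge.conf", and nothing next to the two defines documents the lookup order. Since these files decide which bridges the helper will attach to, please add a comment above the defines stating that SITE_ACL_FILE is tried first, that DEFAULT_ACL_FILE is used only when the site file is not, and that the site file replaces the OS defaults rather than extending them. That last point matters to an administrator who expects a deny entry in the shipped file to stay in force after adding a site file.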
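
Review bot: in the main() hunk at @@ -272,11 +273,13 @@, the fallback to DEFAULT_ACL_FILE is taken whenever parse_acl_file(SITE_ACL_FILE, &acl_list) returns -1, so a site file that exists but cannot be read or parsed is handled the same way as one that is absent, and the OS defaults are applied without any message. For an ACL this means a mistake in the administrator's bridge.conf silently swaps their intended policy for the shipped one. Suggest falling back only when the site file does not exist (for example by testing for it before parsing) and otherwise failing with an error that names SITE_ACL_FILE. The same acl_list is passed to both calls, so if parse_acl_file can add entries before it returns -1, those entries would remain in the list alongside the defaults; the list should be emptied before the second parse. The comment "parse default acl file" and the error text also still mention only the default file.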