[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH RFC v3 17/27] COLO: Add new command parameter 'c

From: Eric Blake
Subject: Re: [Qemu-devel] [PATCH RFC v3 17/27] COLO: Add new command parameter 'colo_nicname' 'colo_script' for net
Date: Tue, 24 Feb 2015 09:30:56 -0700
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.4.0

On 02/24/2015 02:50 AM, Wen Congyang wrote:
>> Script files are in general very hard to secure.  Libvirt marks any
>> domain that uses a script file for controlling networking as tainted,
>> because it cannot guarantee that the script did not do arbitrary
>> actions.  Can you come up with any better solution that does not require
>> a script file, such as having management software responsible for
>> passing in an already-opened fd?
> Do you mean that opening the script in libvirt?

No, I mean a solution that needs no script file at all.  Have libvirt
pre-open the TAP device you will need, then pass in the fd that will be
used for the colo NIC.

Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]