[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH RFC v3 17/27] COLO: Add new command parameter 'c
From: |
Daniel P. Berrange |
Subject: |
Re: [Qemu-devel] [PATCH RFC v3 17/27] COLO: Add new command parameter 'colo_nicname' 'colo_script' for net |
Date: |
Wed, 25 Feb 2015 10:09:59 +0000 |
User-agent: |
Mutt/1.5.23 (2014-03-12) |
On Wed, Feb 25, 2015 at 04:21:15PM +0800, zhanghailiang wrote:
> On 2015/2/25 1:24, Daniel P. Berrange wrote:
> >On Tue, Feb 24, 2015 at 09:30:56AM -0700, Eric Blake wrote:
> >>On 02/24/2015 02:50 AM, Wen Congyang wrote:
> >>>>Script files are in general very hard to secure. Libvirt marks any
> >>>>domain that uses a script file for controlling networking as tainted,
> >>>>because it cannot guarantee that the script did not do arbitrary
> >>>>actions. Can you come up with any better solution that does not require
> >>>>a script file, such as having management software responsible for
> >>>>passing in an already-opened fd?
> >>>
> >>>Do you mean that opening the script in libvirt?
> >>>
> >>
> >>No, I mean a solution that needs no script file at all. Have libvirt
> >>pre-open the TAP device you will need, then pass in the fd that will be
> >>used for the colo NIC.
> >
> >Agreed, we really must not add new features that require executing
> >arbitrary blackbox shell scripts to QEMU, when we know that reslts in
> >a flawed security model. And just pushing the script execution upto
> >libvirt is not really a satisfactory solution either.
> >
>
> Hmm, this script is mainly used for controlling net packet forward by using tc
> command and setting iptable rules for colo by using iptables command.
> Is there any API for linux iptables and tc (traffic control) ?
I think you'll need to explain in detail exactly what the requirements
are in terms of firewall and traffic shaping setup. Libvirt itself
already applies firewall and traffic shaping rules to guests, when
instructed by the mgmt application todo so. So if this new feature
requires specific settings for firewall / traffic shaping, then it
will be neccessary to update libvirt to make it do the right thing.
You can't have two separate bits of code both modifying the firewall
and traffic shaping rules for the same guest as it will end in
disaster
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
- [Qemu-devel] [PATCH RFC v3 10/27] COLO: Save VM state to slave when do checkpoint, (continued)
- [Qemu-devel] [PATCH RFC v3 10/27] COLO: Save VM state to slave when do checkpoint, zhanghailiang, 2015/02/11
- [Qemu-devel] [PATCH RFC v3 13/27] COLO RAM: Flush cached RAM into SVM's memory, zhanghailiang, 2015/02/11
- [Qemu-devel] [PATCH RFC v3 16/27] COLO failover: Don't do failover during loading VM's state, zhanghailiang, 2015/02/11
- [Qemu-devel] [PATCH RFC v3 15/27] COLO failover: Implement COLO master/slave failover work, zhanghailiang, 2015/02/11
- [Qemu-devel] [PATCH RFC v3 17/27] COLO: Add new command parameter 'colo_nicname' 'colo_script' for net, zhanghailiang, 2015/02/11
- Re: [Qemu-devel] [PATCH RFC v3 17/27] COLO: Add new command parameter 'colo_nicname' 'colo_script' for net, zhanghailiang, 2015/02/25
[Qemu-devel] [PATCH RFC v3 18/27] COLO NIC: Init/remove colo nic devices when add/cleanup tap devices, zhanghailiang, 2015/02/11
[Qemu-devel] [PATCH RFC v3 21/27] COLO NIC: Some init work related with proxy module, zhanghailiang, 2015/02/11
[Qemu-devel] [PATCH RFC v3 19/27] COLO NIC: Implement colo nic device interface configure(), zhanghailiang, 2015/02/11
[Qemu-devel] [PATCH RFC v3 20/27] COLO NIC : Implement colo nic init/destroy function, zhanghailiang, 2015/02/11