From: Daniel P. Berrange
Subject: Re: [Qemu-devel] [PATCH RFC v3 17/27] COLO: Add new command parameter 'colo_nicname' 'colo_script' for net
Date: Wed, 25 Feb 2015 10:09:59 +0000
User-agent: Mutt/1.5.23 (2014-03-12)

On Wed, Feb 25, 2015 at 04:21:15PM +0800, zhanghailiang wrote:
> On 2015/2/25 1:24, Daniel P. Berrange wrote:
> >On Tue, Feb 24, 2015 at 09:30:56AM -0700, Eric Blake wrote:
> >>On 02/24/2015 02:50 AM, Wen Congyang wrote:
> >>>>Script files are in general very hard to secure.  Libvirt marks any
> >>>>domain that uses a script file for controlling networking as tainted,
> >>>>because it cannot guarantee that the script did not do arbitrary
> >>>>actions.  Can you come up with any better solution that does not require
> >>>>a script file, such as having management software responsible for
> >>>>passing in an already-opened fd?
> >>>
> >>>Do you mean that opening the script in libvirt?
> >>>
> >>
> >>No, I mean a solution that needs no script file at all.  Have libvirt
> >>pre-open the TAP device you will need, then pass in the fd that will be
> >>used for the colo NIC.
> >
> >Agreed, we really must not add new features that require executing
> >arbitrary blackbox shell scripts to QEMU, when we know that results in
> >a flawed security model. And just pushing the script execution up to
> >libvirt is not really a satisfactory solution either.
> >
> Hmm, this script is mainly used for controlling net packet forward by using tc
> command and setting iptable rules for colo by using iptables command.
> Is there any API for linux iptables and tc (traffic control) ?

I think you'll need to explain in detail exactly what the requirements
are in terms of firewall and traffic shaping setup.  Libvirt itself
already applies firewall and traffic shaping rules to guests, when
instructed by the mgmt application to do so. So if this new feature
requires specific settings for firewall / traffic shaping, then it
will be necessary to update libvirt to make it do the right thing.
You can't have two separate bits of code both modifying the firewall
and traffic shaping rules for the same guest as it will end in

|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|