On 10/24/2012 10:18 AM, Corey Bryant wrote:
On 10/18/2012 11:15 AM, Paolo Bonzini wrote:
Il 17/10/2012 15:15, Eduardo Otubo ha scritto:
With the inclusion of the new "double whitelist" seccomp filter, Qemu
won't be able to execve() in runtime, thus, no hotplug net devices
allowed.
Signed-off-by: Eduardo Otubo <ot...@linux.vnet.ibm.com>
Please check this in net_init_tap instead. When using libvirt, hotplug
is done with a completely different mechanism that involves
file-descriptor passing and does not require executing a helper.
Paolo
Are you sure net_init_tap() is the right place for this check? We only
want to prevent execve() after main_loop() is entered. In other words
we want to allow execve() caused by a command line option (e.g. -net
tap) but we want to prevent execve() when it is the result of a monitor
command (e.g. netdev_add tap).
Or perhaps we could put the check in net_init_tap() and only prevent the
command when runstate != RUN_STATE_PRELAUNCH?
Note that we plan to only prevent the hotplug of net devices in the
cases when execve() would be called. So libvirt will still be able to
pass an fd.
---
hmp.c | 6 ++++++
net.c | 13 +++++++++++++
2 files changed, 19 insertions(+)
diff --git a/hmp.c b/hmp.c
index 70bdec2..f258338 100644
--- a/hmp.c
+++ b/hmp.c
@@ -1091,6 +1091,12 @@ void hmp_netdev_add(Monitor *mon, const QDict
*qdict)
Error *err = NULL;
QemuOpts *opts;
+#ifdef CONFIG_SECCOMP
+ error_set(&err, ERROR_CLASS_GENERIC_ERROR,
+ "Cannot hotplug TAP device when -sandbox is in effect");
+ goto out;
+#endif
+
opts = qemu_opts_from_qdict(qemu_find_opts("netdev"), qdict,
&err);
if (error_is_set(&err)) {
goto out;
diff --git a/net.c b/net.c
index ae4bc0d..a652ee9 100644
--- a/net.c
+++ b/net.c
@@ -752,6 +752,12 @@ void net_host_device_add(Monitor *mon, const
QDict *qdict)
Error *local_err = NULL;
QemuOpts *opts;
+#ifdef CONFIG_SECCOMP
+ error_set(&local_err, ERROR_CLASS_GENERIC_ERROR,
+ "Cannot hotplug TAP device when -sandbox is in effect");
+ goto out;
+#endif
+
if (!net_host_check_device(device)) {
monitor_printf(mon, "invalid host network device %s\n",
device);
return;
@@ -765,6 +771,7 @@ void net_host_device_add(Monitor *mon, const
QDict *qdict)
qemu_opt_set(opts, "type", device);
net_client_init(opts, 0, &local_err);
+out:
if (error_is_set(&local_err)) {
qerror_report_err(local_err);
error_free(local_err);
@@ -800,6 +807,12 @@ int qmp_netdev_add(Monitor *mon, const QDict
*qdict, QObject **ret)
QemuOptsList *opts_list;
QemuOpts *opts;
+#ifdef CONFIG_SECCOMP
+ error_set(&local_err, ERROR_CLASS_GENERIC_ERROR,
+ "Cannot hotplug TAP device when -sandbox is in effect");
+ goto exit_err;
+#endif
+
opts_list = qemu_find_opts_err("netdev", &local_err);
if (error_is_set(&local_err)) {
goto exit_err;
--
Regards,
Corey Bryant