On 02/11/2015 08:17 PM, zhanghailiang wrote: > The 'colo_nicname' should be assigned with network name, > for exmple, 'eth2'. It will be parameter of 'colo_script',
s/exmple/example/ > 'colo_script' should be assigned with an scirpt path. s/an scirpt/a script/ > > We parse these parameter in tap. Script files are in general very hard to secure. Libvirt marks any domain that uses a script file for controlling networking as tainted, because it cannot guarantee that the script did not do arbitrary actions. Can you come up with any better solution that does not require a script file, such as having management software responsible for passing in an already-opened fd? > > Signed-off-by: zhanghailiang <zhang.zhanghaili...@huawei.com> > Signed-off-by: Gao feng <gaof...@cn.fujitsu.com> > Signed-off-by: Li Zhijian <lizhij...@cn.fujitsu.com> > --- > include/net/net.h | 4 ++++ > net/tap.c | 27 ++++++++++++++++++++++++--- > qapi-schema.json | 8 +++++++- > qemu-options.hx | 10 +++++++++- > 4 files changed, 44 insertions(+), 5 deletions(-) > > +++ b/qapi-schema.json > @@ -2101,6 +2101,10 @@ > # > # @queues: #optional number of queues to be created for multiqueue capable > tap > # > +# @colo_nicname: #optional the host physical nic for QEMU (Since 2.3) > +# > +# @colo_script: #optional the script file which used by COLO (Since 2.3) s/_/-/ in both parameter names, please. Since they are optional, it might be worth documenting what they default to when not present. -- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org
signature.asc
Description: OpenPGP digital signature