On 02/17/2015 07:50 AM, Eric Blake wrote: > On 02/11/2015 08:17 PM, zhanghailiang wrote: >> The 'colo_nicname' should be assigned with network name, >> for exmple, 'eth2'. It will be parameter of 'colo_script', > > s/exmple/example/ > >> 'colo_script' should be assigned with an scirpt path. > > s/an scirpt/a script/ > >> >> We parse these parameter in tap. > > Script files are in general very hard to secure. Libvirt marks any > domain that uses a script file for controlling networking as tainted, > because it cannot guarantee that the script did not do arbitrary > actions. Can you come up with any better solution that does not require > a script file, such as having management software responsible for > passing in an already-opened fd?
Do you mean that opening the script in libvirt? Thanks Wen Congyang > >> >> Signed-off-by: zhanghailiang <zhang.zhanghaili...@huawei.com> >> Signed-off-by: Gao feng <gaof...@cn.fujitsu.com> >> Signed-off-by: Li Zhijian <lizhij...@cn.fujitsu.com> >> --- >> include/net/net.h | 4 ++++ >> net/tap.c | 27 ++++++++++++++++++++++++--- >> qapi-schema.json | 8 +++++++- >> qemu-options.hx | 10 +++++++++- >> 4 files changed, 44 insertions(+), 5 deletions(-) >> > >> +++ b/qapi-schema.json >> @@ -2101,6 +2101,10 @@ >> # >> # @queues: #optional number of queues to be created for multiqueue capable >> tap >> # >> +# @colo_nicname: #optional the host physical nic for QEMU (Since 2.3) >> +# >> +# @colo_script: #optional the script file which used by COLO (Since 2.3) > > s/_/-/ in both parameter names, please. Since they are optional, it > might be worth documenting what they default to when not present. >