On Tue, Jun 19, 2018 at 08:19:03AM +0200, Gerd Hoffmann wrote:
> On Mon, Jun 18, 2018 at 06:17:12PM +0200, Marc-André Lureau wrote:
> > An executable with its arguments may be given as 'cmd' property, ex:
> > -object vhost-user-backend,id=vui,cmd="./vhost-user-input
> > /dev/input..". The executable is then spawned and, by convention, the
> > vhost-user socket is passed as fd=3. It may be considered a security
> > breach to allow creating processes that may execute arbitrary
> > executables, so this may be restricted to some known executables (via
> > signature etc) or directory.
>
> Hmm, maybe let the device which uses vhost-user-backend handle this?
>
> So you use "-device vhost-user-input-pci,device=/dev/input/$dev" and
> vhost-user-input-pci translates that into ...
>
>   argv = { "$dir/vhost-user-input", "-device", "/dev/input/$dev", NULL }
>
> ... for vhost-user-backend ?

Or just accept the binary name, but mandate a pre-determined set
of argv, in the same way we do for TAP device ifup scripts.

Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|
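
The restriction discussed in this thread, sketched as an added example (not code from the thread or from QEMU): the caller picks only a helper name and a device, the argv is fixed, and the vhost-user socket is handed over as fd 3. The `HELPER_DIR` value, the `known_helpers` allowlist and both function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>

#define HELPER_DIR "/usr/libexec/qemu"  /* assumption: stands in for "$dir" */
#define VHOST_USER_FD 3                 /* convention quoted in the thread */
/* Hypothetical allowlist of helper names the caller may select. */
static const char *const known_helpers[] = { "vhost-user-input", NULL };

/* Fill argv with the fixed vector { "$dir/<name>", "-device", dev, NULL }.
 * Returns 0 on success, -1 if the name or the device path is rejected. */
int build_helper_argv(const char *name, const char *dev,
                      char *path, size_t pathlen, const char *argv[4])
{
    int i, n, known = 0;

    for (i = 0; known_helpers[i]; i++)
        known |= strcmp(name, known_helpers[i]) == 0;
    if (!known)                 /* exact match, so no '/' or ".." gets in */
        return -1;
    /* Device must be a single path component directly under /dev/input/. */
    if (strncmp(dev, "/dev/input/", 11) != 0 || dev[11] == '\0' ||
        dev[11] == '.' || strchr(dev + 11, '/'))
        return -1;
    n = snprintf(path, pathlen, "%s/%s", HELPER_DIR, name);
    if (n < 0 || (size_t)n >= pathlen)
        return -1;
    argv[0] = path; argv[1] = "-device"; argv[2] = dev; argv[3] = NULL;
    return 0;
}

/* Spawn the helper with one end of a socketpair as fd 3.
 * Returns the parent's end of the socket, or -1 on error. */
int spawn_helper(const char *name, const char *dev, pid_t *pid)
{
    char path[256];
    const char *argv[4];
    int sv[2];

    if (build_helper_argv(name, dev, path, sizeof(path), argv) < 0 ||
        socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
        return -1;
    if ((*pid = fork()) == 0) {
        close(sv[0]);                       /* child keeps only its own end */
        if (sv[1] != VHOST_USER_FD &&
            (dup2(sv[1], VHOST_USER_FD) < 0 || close(sv[1]) < 0))
            _exit(126);
        execv(path, (char *const *)argv);   /* no shell, no PATH search */
        _exit(127);
    }
    close(sv[1]);
    if (*pid < 0) { close(sv[0]); return -1; }
    return sv[0];
}
```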