Re: [PATCH 2/2] kvm tools: Use host's resolv.conf within the guest

2011-09-15 Thread Sasha Levin
On Thu, 2011-09-15 at 09:22 +0300, Pekka Enberg wrote:
> On 9/15/11 9:04 AM, Sasha Levin wrote:
> > On Thu, 2011-09-15 at 09:04 +0300, Pekka Enberg wrote:
> >> On Thu, Sep 15, 2011 at 9:00 AM, Sasha Levin wrote:
> >>> Hm? If you it to the host's resolv.conf, a guest can edit host's file,
> >>> no?
> >>>
> >>> Might even be not on purpose... For example, simply running dhcpcd on
> >>> the guest.
> >>
> >> How is that going to happen if you're not running kvmtool as root?
> >
> > In that case, dhcpcd in the guest will simply break because it can't
> > modify resolv.conf, no?
> 
> Yes. Why is that a problem? You're not supposed to launch a dhcp client
> when using shared rootfs because kvmtool takes care of that for you.

Why? Testing a brand new dhcp client for example :)

We can't block the user from editing guest configuration files...

-- 

Sasha.

--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
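
The trade-off argued in this thread, as an added example that is not part of the original messages or of kvmtool's code: a guest path that is a symlink is the host file itself, a copy is a separate file, and a host-side copy into a guest-writable tree can refuse a symlinked destination with O_NOFOLLOW. The names copy_nofollow, same_file and demo, the temp-dir file names and the sample nameserver line are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L	/* mkdtemp, dprintf, O_NOFOLLOW */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

static int same_file(const char *a, const char *b)
{
	struct stat sa, sb;	/* stat() follows symlinks, so a link matches its target */
	return !stat(a, &sa) && !stat(b, &sb) && sa.st_dev == sb.st_dev && sa.st_ino == sb.st_ino;
}

/* Copy src to dst; returns 0 or an errno value (ELOOP when dst is a symlink). */
int copy_nofollow(const char *src, const char *dst)
{
	char buf[4096];
	ssize_t n = 0;
	int in = open(src, O_RDONLY);
	int out = in < 0 ? -1 : open(dst, O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW, 0644);
	int err = out < 0 ? errno : 0;
	while (!err && (n = read(in, buf, sizeof(buf))) != 0)
		if (n < 0 || write(out, buf, n) != n)
			err = EIO;
	if (in >= 0)
		close(in);
	if (out >= 0 && close(out) < 0 && !err)
		err = EIO;
	return err;
}

/* Constructed scenario in a temp dir; returns 7 when all three checks hold. */
int demo(void)
{
	char dir[] = "/tmp/resolv-demo-XXXXXX", host[64], guest[64];
	int r = 0, fd;
	if (!mkdtemp(dir))
		return -1;
	snprintf(host, sizeof(host), "%s/host-resolv.conf", dir);
	snprintf(guest, sizeof(guest), "%s/guest-resolv.conf", dir);
	fd = open(host, O_WRONLY | O_CREAT | O_EXCL, 0644);
	dprintf(fd, "nameserver 192.0.2.53\n");	/* constructed sample content */
	close(fd);
	r |= (!symlink(host, guest) && same_file(host, guest)) << 0;	/* symlink: guest name is the host file */
	r |= (copy_nofollow(host, guest) == ELOOP) << 1;	/* copy refuses to write through the link */
	r |= (!unlink(guest) && !copy_nofollow(host, guest) && !same_file(host, guest)) << 2;	/* copy: separate file */
	unlink(guest), unlink(host), rmdir(dir);
	return r;
}
```
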


Re: [PATCH 2/2] kvm tools: Use host's resolv.conf within the guest

2011-09-14 Thread Pekka Enberg

On 9/15/11 9:04 AM, Sasha Levin wrote:
> On Thu, 2011-09-15 at 09:04 +0300, Pekka Enberg wrote:
>> On Thu, Sep 15, 2011 at 9:00 AM, Sasha Levin wrote:
>>> Hm? If you it to the host's resolv.conf, a guest can edit host's file,
>>> no?
>>>
>>> Might even be not on purpose... For example, simply running dhcpcd on
>>> the guest.
>>
>> How is that going to happen if you're not running kvmtool as root?
>
> In that case, dhcpcd in the guest will simply break because it can't
> modify resolv.conf, no?

Yes. Why is that a problem? You're not supposed to launch a dhcp client
when using shared rootfs because kvmtool takes care of that for you.

Pekka


Re: [PATCH 2/2] kvm tools: Use host's resolv.conf within the guest

2011-09-14 Thread Sasha Levin
On Thu, 2011-09-15 at 09:04 +0300, Pekka Enberg wrote:
> On Thu, Sep 15, 2011 at 9:00 AM, Sasha Levin  wrote:
> > Hm? If you it to the host's resolv.conf, a guest can edit host's file,
> > no?
> >
> > Might even be not on purpose... For example, simply running dhcpcd on
> > the guest.
> 
> How is that going to happen if you're not running kvmtool as root?

In that case, dhcpcd in the guest will simply break because it can't
modify resolv.conf, no?

-- 

Sasha.



Re: [PATCH 2/2] kvm tools: Use host's resolv.conf within the guest

2011-09-14 Thread Pekka Enberg
On Thu, Sep 15, 2011 at 9:00 AM, Sasha Levin  wrote:
> Hm? If you it to the host's resolv.conf, a guest can edit host's file,
> no?
>
> Might even be not on purpose... For example, simply running dhcpcd on
> the guest.

How is that going to happen if you're not running kvmtool as root?


Re: [PATCH 2/2] kvm tools: Use host's resolv.conf within the guest

2011-09-14 Thread Sasha Levin
On Thu, 2011-09-15 at 08:44 +0300, Pekka Enberg wrote:
> On 9/15/11 8:36 AM, Sasha Levin wrote:
> > On Thu, 2011-09-15 at 08:29 +0300, Pekka Enberg wrote:
> >> On Wed, Sep 14, 2011 at 7:28 PM, Sasha Levin wrote:
> >>> Since kernel IP autoconfiguration doesn't set up /etc/resolv.conf, we'll
> >>> use the one located within the host, since this was anyway what we simulated
> >>> within the DHCP offer packets.
> >>>
> >>> Signed-off-by: Sasha Levin
> >>
> >> Wouldn't a symlink to /host/etc/resolv.conf be more appropriate?
> >> Remember, we're supposed to only need to setup the shared rootfs once.
> >
> > It would mean the guest can screw up with the host's networking.
> 
> How? You're not supposed to run the tool.

Hm? If you it to the host's resolv.conf, a guest can edit host's file,
no?

Might even be not on purpose... For example, simply running dhcpcd on
the guest.

-- 

Sasha.



Re: [PATCH 2/2] kvm tools: Use host's resolv.conf within the guest

2011-09-14 Thread Pekka Enberg

On 9/15/11 8:36 AM, Sasha Levin wrote:
> On Thu, 2011-09-15 at 08:29 +0300, Pekka Enberg wrote:
>> On Wed, Sep 14, 2011 at 7:28 PM, Sasha Levin wrote:
>>> Since kernel IP autoconfiguration doesn't set up /etc/resolv.conf, we'll
>>> use the one located within the host, since this was anyway what we simulated
>>> within the DHCP offer packets.
>>>
>>> Signed-off-by: Sasha Levin
>>
>> Wouldn't a symlink to /host/etc/resolv.conf be more appropriate?
>> Remember, we're supposed to only need to setup the shared rootfs once.
>
> It would mean the guest can screw up with the host's networking.

How? You're not supposed to run the tool.

Pekka


Re: [PATCH 2/2] kvm tools: Use host's resolv.conf within the guest

2011-09-14 Thread Sasha Levin
On Thu, 2011-09-15 at 08:29 +0300, Pekka Enberg wrote:
> On Wed, Sep 14, 2011 at 7:28 PM, Sasha Levin  wrote:
> > Since kernel IP autoconfiguration doesn't set up /etc/resolv.conf, we'll
> > use the one located within the host, since this was anyway what we simulated
> > within the DHCP offer packets.
> >
> > Signed-off-by: Sasha Levin 
> 
> Wouldn't a symlink to /host/etc/resolv.conf be more appropriate?
> Remember, we're supposed to only need to setup the shared rootfs once.

It would mean the guest can screw up with the host's networking.

-- 

Sasha.



Re: [PATCH 2/2] kvm tools: Use host's resolv.conf within the guest

2011-09-14 Thread Pekka Enberg
On Wed, Sep 14, 2011 at 7:28 PM, Sasha Levin  wrote:
> Since kernel IP autoconfiguration doesn't set up /etc/resolv.conf, we'll
> use the one located within the host, since this was anyway what we simulated
> within the DHCP offer packets.
>
> Signed-off-by: Sasha Levin 

Wouldn't a symlink to /host/etc/resolv.conf be more appropriate?
Remember, we're supposed to only need to setup the shared rootfs once.


[PATCH 2/2] kvm tools: Use host's resolv.conf within the guest

2011-09-14 Thread Sasha Levin
Since kernel IP autoconfiguration doesn't set up /etc/resolv.conf, we'll
use the one located within the host, since this was anyway what we simulated
within the DHCP offer packets.

Signed-off-by: Sasha Levin 
---
 tools/kvm/builtin-run.c   |2 ++
 tools/kvm/builtin-setup.c |9 +
 tools/kvm/include/kvm/builtin-setup.h |1 +
 3 files changed, 12 insertions(+), 0 deletions(-)

diff --git a/tools/kvm/builtin-run.c b/tools/kvm/builtin-run.c
index 5dafb15..9d61088 100644
--- a/tools/kvm/builtin-run.c
+++ b/tools/kvm/builtin-run.c
@@ -129,6 +129,7 @@ static int img_name_parser(const struct option *opt, const 
char *arg, int unset)
die("Unable to initialize virtio 9p");
if (virtio_9p__register(kvm, "/", "hostfs") < 0)
die("Unable to initialize virtio 9p");
+   kvm_setup_resolv(arg);
using_rootfs = custom_rootfs = 1;
return 0;
}
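Review bot: kvm_setup_resolv(arg) in img_name_parser() hands the raw command-line argument over as the guestfs name, and kvm_setup_resolv() formats it into "%s%s%s/etc/resolv.conf" with no check. An arg that is a directory path, or that contains "/" or "..", puts the copy destination somewhere other than a guestfs directory under HOME_DIR. Validate arg as a plain guestfs name before this call, or pass the resolved rootfs path instead.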
@@ -750,6 +751,7 @@ int kvm_cmd_run(int argc, const char **argv, const char 
*prefix)
char tmp[PATH_MAX];
 
kvm_setup_create_new("default");
+   kvm_setup_resolv("default");
 
snprintf(tmp, PATH_MAX, "%s%s%s", HOME_DIR, KVM_PID_FILE_PATH, 
"default");
if (virtio_9p__register(kvm, tmp, "/dev/root") < 0)
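Review bot: the result of kvm_setup_create_new("default") is not checked before kvm_setup_resolv("default") is called, so a failed setup is followed by a copy into a tree that may not exist. Check the return value first. The copy also replaces the guest's etc/resolv.conf whenever this path in kvm_cmd_run() is taken, discarding any edit made in the guest; say so in the changelog or in a comment here.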
diff --git a/tools/kvm/builtin-setup.c b/tools/kvm/builtin-setup.c
index 6b8eb5b..3e569e7 100644
--- a/tools/kvm/builtin-setup.c
+++ b/tools/kvm/builtin-setup.c
@@ -168,6 +168,15 @@ static void make_guestfs_dir(const char *guestfs_name, 
const char *dir)
make_dir(name);
 }
 
+void kvm_setup_resolv(const char *guestfs_name)
+{
+   char path[PATH_MAX];
+
+   snprintf(path, PATH_MAX, "%s%s%s/etc/resolv.conf", HOME_DIR, 
KVM_PID_FILE_PATH, guestfs_name);
+
+   copy_file("/etc/resolv.conf", path);
+}
+
 static int do_setup(const char *guestfs_name)
 {
unsigned int i;
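Review bot: kvm_setup_resolv() discards both results that can fail: snprintf() truncation at PATH_MAX goes undetected and whatever copy_file() reports is ignored, so the caller cannot tell that the guest has no resolv.conf. Return int and propagate the error. Please also confirm that copy_file() does not follow a symlink at the destination, because path points inside the guest's root filesystem, which the guest side can modify.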
diff --git a/tools/kvm/include/kvm/builtin-setup.h 
b/tools/kvm/include/kvm/builtin-setup.h
index 6e183a1..f70ae78 100644
--- a/tools/kvm/include/kvm/builtin-setup.h
+++ b/tools/kvm/include/kvm/builtin-setup.h
@@ -4,5 +4,6 @@
 int kvm_cmd_setup(int argc, const char **argv, const char *prefix);
 void kvm_setup_help(void);
 int kvm_setup_create_new(const char *guestfs_name);
+void kvm_setup_resolv(const char *guestfs_name);
 
 #endif
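Review bot: the new prototype is void while kvm_setup_create_new() directly above it returns int, so callers have no way to see a failed copy. Declare it int to match, and add a one-line comment stating that it overwrites the guest's etc/resolv.conf with the host's /etc/resolv.conf.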
-- 
1.7.6.1
