From: Stefan Hajnoczi <stefanha@redhat.com>
To: Alexandre Kandalintsev <spam@messir.net>
Cc: Anthony Liguori <aliguori@us.ibm.com>, qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH] ifname=xxx for -netdev bridge
Date: Mon, 25 Mar 2013 10:03:00 +0100 [thread overview]
Message-ID: <20130325090300.GD1845@stefanha-thinkpad.redhat.com> (raw)
In-Reply-To: <20130321190509.6e1d73e5@messir.net>
On Thu, Mar 21, 2013 at 07:05:09PM +0100, Alexandre Kandalintsev wrote:
> Hi!
>
>
> Here is the patch that allows us to specify the name of tap interface
> when -netdev bridge is used. It's like -netdev tap,ifname=xxx, but for
> bridges.
>
>
> ** Motivation **
>
> We've got zillions of VMs and would like to see meaningful names of tap
> interfaces. This is really useful for for, e.g., system administrators
> in case they want to run tcpdump on it.
>
>
> ** How it works **
>
> Just specify a ifname= parameter as it is done if --netdev tap is used.
> However, as it requires root privs, the interface renaming is
> actually done by qemu-bridge-helper. --netdev tap,ifname=xxx will fail
> if qemu is launched not from root.
>
>
> ** TODO **
>
> 1. Update docs
> 2. I'm afraid that net_init_tap should not run helper with
> --br=DEFAULT_BRIDGE_INTERFACE . At least bridge name should be tunnable.
> But this is a future work.
> 3. May be we should call qemu-bridge-helper for tap interface renamings
> because it always has root privs?
qemu-bridge-helper is a setuid root binary. It allows access to things
an unprivileged user normally cannot do. We need to be very careful
that new features cannot be abused.
There needs to be a policy in qemu-bridge-helper to control network
interface naming.
Imagine an existing qemu-bridge-helper deployment. Now if your patch is
merged and the new qemu-bridge-helper is installed, unprivileged users
can create arbitrarily named network interfaces.
It was previously not possible to create arbitrarily named network
interfaces. This might pose a security problem given firewall
configuration, monitoring software, etc which isn't configured to deal
with these new interface names.
By default, custom names should not be allowed. Perhaps the
qemu-bridge-helper configuration file needs an option to specify a glob
pattern, e.g. vm*.
This way the host system administrator can restrict network interface
names while still allowing humand-friendly names.
Stefan
next prev parent reply other threads:[~2013-03-25 9:03 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-03-21 18:05 [Qemu-devel] [PATCH] ifname=xxx for -netdev bridge Alexandre Kandalintsev
2013-03-21 18:57 ` Eric Blake
2013-03-24 13:17 ` [Qemu-devel] [PATCH v2] " Alexandre Kandalintsev
2013-03-25 9:03 ` Stefan Hajnoczi [this message]
2013-03-25 21:28 ` [Qemu-devel] [PATCH] " Alexandre Kandalintsev
2014-01-14 18:39 ` William Dauchy
2014-01-20 21:23 ` Alexandre Kandalintsev
2014-01-23 14:30 ` William Dauchy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130325090300.GD1845@stefanha-thinkpad.redhat.com \
--to=stefanha@redhat.com \
--cc=aliguori@us.ibm.com \
--cc=qemu-devel@nongnu.org \
--cc=spam@messir.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.