All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH 0/1] Allow to build virtiofsd without the entire tools
@ 2021-02-01 21:14 Wainer dos Santos Moschetta
  2021-02-01 21:14 ` [PATCH 1/1] virtiofsd: Allow to build it without the tools Wainer dos Santos Moschetta
  2021-02-01 23:04 ` [PATCH 0/1] Allow to build virtiofsd without the entire tools Paolo Bonzini
  0 siblings, 2 replies; 9+ messages in thread
From: Wainer dos Santos Moschetta @ 2021-02-01 21:14 UTC (permalink / raw)
  To: qemu-devel; +Cc: pbonzini, dgilbert, stefanha, misono.tomohiro

Not too long ago (QEMU 5.0) it was possible to configure with --disable-tools
and still have virtiofsd built. With the recent port of the build system to
Meson, it is now built together with the tools though.

The Kata Containers [1] project build QEMU with --disable-tools to decrease the
attack surface, apart from the fact that tools (except for virtiofsd) aren't
used at all. So the ability to build only virtiofsd is appreciated.

On commit cece116c939 it was introduced the --enable-virtiofsd option. One
might think that option will enable the virtiofsd build regardless of 
--disable-tools but it isn't the current behavior. So the patch that I am
sending allows to disable all tools but virtiofsd.

Side note: in a private chat with Stefan Hajnoczi he come up with the idea
that perhaps --disable-tools could be like --without-default-features where
one can add back on feature-by-feature basis. This is outside the scope of this
series but I thought in sharing because IMHO it is deserves a discussion.

[1] https://katacontainers.io

Wainer dos Santos Moschetta (1):
  virtiofsd: Allow to build it without the tools

 tools/meson.build | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

-- 
2.29.2



^ permalink raw reply	[flat|nested] 9+ messages in thread

* [PATCH 1/1] virtiofsd: Allow to build it without the tools
  2021-02-01 21:14 [PATCH 0/1] Allow to build virtiofsd without the entire tools Wainer dos Santos Moschetta
@ 2021-02-01 21:14 ` Wainer dos Santos Moschetta
  2021-02-02  5:55   ` misono.tomohiro
  2021-02-03 14:41   ` Stefan Hajnoczi
  2021-02-01 23:04 ` [PATCH 0/1] Allow to build virtiofsd without the entire tools Paolo Bonzini
  1 sibling, 2 replies; 9+ messages in thread
From: Wainer dos Santos Moschetta @ 2021-02-01 21:14 UTC (permalink / raw)
  To: qemu-devel; +Cc: pbonzini, dgilbert, stefanha, misono.tomohiro

This changed the Meson build script to allow virtiofsd be built even
though the tools build is disabled, thus honoring the --enable-virtiofsd
option.

Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
---
 tools/meson.build | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/tools/meson.build b/tools/meson.build
index fdce66857d..3e5a0abfa2 100644
--- a/tools/meson.build
+++ b/tools/meson.build
@@ -10,8 +10,11 @@ if get_option('virtiofsd').enabled()
       error('virtiofsd requires Linux')
     elif not seccomp.found() or not libcap_ng.found()
       error('virtiofsd requires libcap-ng-devel and seccomp-devel')
-    elif not have_tools or 'CONFIG_VHOST_USER' not in config_host
-      error('virtiofsd needs tools and vhost-user support')
+    elif 'CONFIG_VHOST_USER' not in config_host
+      error('virtiofsd needs vhost-user support')
+    else
+      # Disabled all the tools but virtiofsd.
+      have_virtiofsd = true
     endif
   endif
 elif get_option('virtiofsd').disabled() or not have_system
-- 
2.29.2



^ permalink raw reply related	[flat|nested] 9+ messages in thread

* Re: [PATCH 0/1] Allow to build virtiofsd without the entire tools
  2021-02-01 21:14 [PATCH 0/1] Allow to build virtiofsd without the entire tools Wainer dos Santos Moschetta
  2021-02-01 21:14 ` [PATCH 1/1] virtiofsd: Allow to build it without the tools Wainer dos Santos Moschetta
@ 2021-02-01 23:04 ` Paolo Bonzini
  2021-02-02 12:48   ` Wainer dos Santos Moschetta
  1 sibling, 1 reply; 9+ messages in thread
From: Paolo Bonzini @ 2021-02-01 23:04 UTC (permalink / raw)
  To: Wainer dos Santos Moschetta
  Cc: misono.tomohiro, qemu-devel, stefanha, David Gilbert

[-- Attachment #1: Type: text/plain, Size: 1217 bytes --]

Il lun 1 feb 2021, 22:15 Wainer dos Santos Moschetta <wainersm@redhat.com>
ha scritto:

> Not too long ago (QEMU 5.0) it was possible to configure with
> --disable-tools
> and still have virtiofsd built. With the recent port of the build system to
> Meson, it is now built together with the tools though.
>
> The Kata Containers [1] project build QEMU with --disable-tools to
> decrease the
> attack surface


---enable-tools only adds separate executables, therefore it can't add to
the attack surface of the emulators. So this is misleading.

That said, it does make sense to let --enable-virtiofsd override
--disable-tools, and the same in the other direction too.

Paolo

Side note: in a private chat with Stefan Hajnoczi he come up with the idea
> that perhaps --disable-tools could be like --without-default-features where
> one can add back on feature-by-feature basis. This is outside the scope of
> this
> series but I thought in sharing because IMHO it is deserves a discussion.


> [1] https://katacontainers.io
>
> Wainer dos Santos Moschetta (1):
>   virtiofsd: Allow to build it without the tools
>
>  tools/meson.build | 7 +++++--
>  1 file changed, 5 insertions(+), 2 deletions(-)
>
> --
> 2.29.2
>
>

[-- Attachment #2: Type: text/html, Size: 2256 bytes --]

^ permalink raw reply	[flat|nested] 9+ messages in thread

* RE: [PATCH 1/1] virtiofsd: Allow to build it without the tools
  2021-02-01 21:14 ` [PATCH 1/1] virtiofsd: Allow to build it without the tools Wainer dos Santos Moschetta
@ 2021-02-02  5:55   ` misono.tomohiro
  2021-02-02 12:58     ` Wainer dos Santos Moschetta
  2021-02-03 14:41   ` Stefan Hajnoczi
  1 sibling, 1 reply; 9+ messages in thread
From: misono.tomohiro @ 2021-02-02  5:55 UTC (permalink / raw)
  To: 'Wainer dos Santos Moschetta', qemu-devel
  Cc: pbonzini, dgilbert, stefanha

> Subject: [PATCH 1/1] virtiofsd: Allow to build it without the tools
> 
> This changed the Meson build script to allow virtiofsd be built even
> though the tools build is disabled, thus honoring the --enable-virtiofsd
> option.
> 
> Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>

I misunderstood that virtiofsd builds somehow depends on tools build at that time.
Thanks for fixing. I did quick build test.

Reviewed-by: Misono Tomohiro <misono.tomohiro@jp.fujitsu.com>


^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [PATCH 0/1] Allow to build virtiofsd without the entire tools
  2021-02-01 23:04 ` [PATCH 0/1] Allow to build virtiofsd without the entire tools Paolo Bonzini
@ 2021-02-02 12:48   ` Wainer dos Santos Moschetta
  0 siblings, 0 replies; 9+ messages in thread
From: Wainer dos Santos Moschetta @ 2021-02-02 12:48 UTC (permalink / raw)
  To: Paolo Bonzini; +Cc: misono.tomohiro, qemu-devel, stefanha, David Gilbert

[-- Attachment #1: Type: text/plain, Size: 1708 bytes --]

Hi,

On 2/1/21 8:04 PM, Paolo Bonzini wrote:
>
>
> Il lun 1 feb 2021, 22:15 Wainer dos Santos Moschetta 
> <wainersm@redhat.com <mailto:wainersm@redhat.com>> ha scritto:
>
>     Not too long ago (QEMU 5.0) it was possible to configure with
>     --disable-tools
>     and still have virtiofsd built. With the recent port of the build
>     system to
>     Meson, it is now built together with the tools though.
>
>     The Kata Containers [1] project build QEMU with --disable-tools to
>     decrease the
>     attack surface
>
>
> ---enable-tools only adds separate executables, therefore it can't add 
> to the attack surface of the emulators. So this is misleading.


You are right, Paolo, thanks for the comment. I meant to say the project 
avoid installing unneeded binaries on the system, extra files which may 
be subject to CVEs and force a sysadmin to handle them. I hope this 
clarifies my point.

Thanks!

Wainer

>
> That said, it does make sense to let --enable-virtiofsd override 
> --disable-tools, and the same in the other direction too.
>
> Paolo
>
>     Side note: in a private chat with Stefan Hajnoczi he come up with
>     the idea
>     that perhaps --disable-tools could be like
>     --without-default-features where
>     one can add back on feature-by-feature basis. This is outside the
>     scope of this
>     series but I thought in sharing because IMHO it is deserves a
>     discussion.
>
>
>     [1] https://katacontainers.io <https://katacontainers.io>
>
>     Wainer dos Santos Moschetta (1):
>       virtiofsd: Allow to build it without the tools
>
>      tools/meson.build | 7 +++++--
>      1 file changed, 5 insertions(+), 2 deletions(-)
>
>     -- 
>     2.29.2
>

[-- Attachment #2: Type: text/html, Size: 3965 bytes --]

^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [PATCH 1/1] virtiofsd: Allow to build it without the tools
  2021-02-02  5:55   ` misono.tomohiro
@ 2021-02-02 12:58     ` Wainer dos Santos Moschetta
  2021-02-03 11:30       ` Dr. David Alan Gilbert
  2021-02-16 10:59       ` Dr. David Alan Gilbert
  0 siblings, 2 replies; 9+ messages in thread
From: Wainer dos Santos Moschetta @ 2021-02-02 12:58 UTC (permalink / raw)
  To: misono.tomohiro, qemu-devel; +Cc: pbonzini, dgilbert, stefanha


On 2/2/21 2:55 AM, misono.tomohiro@fujitsu.com wrote:
>> Subject: [PATCH 1/1] virtiofsd: Allow to build it without the tools
>>
>> This changed the Meson build script to allow virtiofsd be built even
>> though the tools build is disabled, thus honoring the --enable-virtiofsd
>> option.
>>
>> Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
> I misunderstood that virtiofsd builds somehow depends on tools build at that time.
> Thanks for fixing. I did quick build test.
Thanks for the review and test!

If not needed a v2 for this patch, please could the maintainer add to 
the commit message:

   Fixes: cece116c939d219070b250338439c2d16f94e3da (configure: add 
option for virtiofsd)

- Wainer

>
> Reviewed-by: Misono Tomohiro <misono.tomohiro@jp.fujitsu.com>
>



^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [PATCH 1/1] virtiofsd: Allow to build it without the tools
  2021-02-02 12:58     ` Wainer dos Santos Moschetta
@ 2021-02-03 11:30       ` Dr. David Alan Gilbert
  2021-02-16 10:59       ` Dr. David Alan Gilbert
  1 sibling, 0 replies; 9+ messages in thread
From: Dr. David Alan Gilbert @ 2021-02-03 11:30 UTC (permalink / raw)
  To: Wainer dos Santos Moschetta
  Cc: misono.tomohiro, pbonzini, qemu-devel, stefanha

* Wainer dos Santos Moschetta (wainersm@redhat.com) wrote:
> 
> On 2/2/21 2:55 AM, misono.tomohiro@fujitsu.com wrote:
> > > Subject: [PATCH 1/1] virtiofsd: Allow to build it without the tools
> > > 
> > > This changed the Meson build script to allow virtiofsd be built even
> > > though the tools build is disabled, thus honoring the --enable-virtiofsd
> > > option.
> > > 
> > > Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
> > I misunderstood that virtiofsd builds somehow depends on tools build at that time.
> > Thanks for fixing. I did quick build test.
> Thanks for the review and test!
> 
> If not needed a v2 for this patch, please could the maintainer add to the
> commit message:
> 
>   Fixes: cece116c939d219070b250338439c2d16f94e3da (configure: add option for
> virtiofsd)

OK, I cna add that; I'll take it through virtiofs next time I need to do
a pull.

> - Wainer
> 
> > 
> > Reviewed-by: Misono Tomohiro <misono.tomohiro@jp.fujitsu.com>
> > 
-- 
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK



^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [PATCH 1/1] virtiofsd: Allow to build it without the tools
  2021-02-01 21:14 ` [PATCH 1/1] virtiofsd: Allow to build it without the tools Wainer dos Santos Moschetta
  2021-02-02  5:55   ` misono.tomohiro
@ 2021-02-03 14:41   ` Stefan Hajnoczi
  1 sibling, 0 replies; 9+ messages in thread
From: Stefan Hajnoczi @ 2021-02-03 14:41 UTC (permalink / raw)
  To: Wainer dos Santos Moschetta
  Cc: pbonzini, misono.tomohiro, qemu-devel, dgilbert

[-- Attachment #1: Type: text/plain, Size: 456 bytes --]

On Mon, Feb 01, 2021 at 06:14:56PM -0300, Wainer dos Santos Moschetta wrote:
> This changed the Meson build script to allow virtiofsd be built even
> though the tools build is disabled, thus honoring the --enable-virtiofsd
> option.
> 
> Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
> ---
>  tools/meson.build | 7 +++++--
>  1 file changed, 5 insertions(+), 2 deletions(-)

Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [PATCH 1/1] virtiofsd: Allow to build it without the tools
  2021-02-02 12:58     ` Wainer dos Santos Moschetta
  2021-02-03 11:30       ` Dr. David Alan Gilbert
@ 2021-02-16 10:59       ` Dr. David Alan Gilbert
  1 sibling, 0 replies; 9+ messages in thread
From: Dr. David Alan Gilbert @ 2021-02-16 10:59 UTC (permalink / raw)
  To: Wainer dos Santos Moschetta
  Cc: misono.tomohiro, pbonzini, qemu-devel, stefanha

* Wainer dos Santos Moschetta (wainersm@redhat.com) wrote:
> 
> On 2/2/21 2:55 AM, misono.tomohiro@fujitsu.com wrote:
> > > Subject: [PATCH 1/1] virtiofsd: Allow to build it without the tools
> > > 
> > > This changed the Meson build script to allow virtiofsd be built even
> > > though the tools build is disabled, thus honoring the --enable-virtiofsd
> > > option.
> > > 
> > > Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
> > I misunderstood that virtiofsd builds somehow depends on tools build at that time.
> > Thanks for fixing. I did quick build test.
> Thanks for the review and test!
> 
> If not needed a v2 for this patch, please could the maintainer add to the
> commit message:
> 
>   Fixes: cece116c939d219070b250338439c2d16f94e3da (configure: add option for
> virtiofsd)

Queued with that line added to the commit message

> - Wainer
> 
> > 
> > Reviewed-by: Misono Tomohiro <misono.tomohiro@jp.fujitsu.com>
> > 
> 
> 
-- 
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK



^ permalink raw reply	[flat|nested] 9+ messages in thread

end of thread, other threads:[~2021-02-16 11:03 UTC | newest]

Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-02-01 21:14 [PATCH 0/1] Allow to build virtiofsd without the entire tools Wainer dos Santos Moschetta
2021-02-01 21:14 ` [PATCH 1/1] virtiofsd: Allow to build it without the tools Wainer dos Santos Moschetta
2021-02-02  5:55   ` misono.tomohiro
2021-02-02 12:58     ` Wainer dos Santos Moschetta
2021-02-03 11:30       ` Dr. David Alan Gilbert
2021-02-16 10:59       ` Dr. David Alan Gilbert
2021-02-03 14:41   ` Stefan Hajnoczi
2021-02-01 23:04 ` [PATCH 0/1] Allow to build virtiofsd without the entire tools Paolo Bonzini
2021-02-02 12:48   ` Wainer dos Santos Moschetta

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.