qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH 4/4][RFC] Add logic to QEMU to read command line

From: Brian Wheeler
Subject: Re: [Qemu-devel] [PATCH 4/4][RFC] Add logic to QEMU to read command line options from qcow2 images
Date: Thu, 09 Aug 2007 16:55:23 -0400 
On Thu, 2007-08-09 at 23:16 +0300, Avi Kivity wrote:
> Anthony Liguori wrote:
> >>
> >> I think it is a bad idea from a security POV to automatically extract 
> >> & use command line args from  a disk image like this without the 
> >> admin explicitly requesting this capability.
> >> eg If I grabbed a demo disk image from a vendors' or community 
> >> website I would
> >> certainly not trust whatever args may happen to be embedded in the 
> >> disk image
> >> and thus do not want QEMU to be automatically running using them.
> >>
> >> I'd recommend having some command line flag to turn this capability 
> >> on. For
> >> example a '--args PATH-TO-DISK' flag,
> >>
> >>   qemu --args $HOME/fedora.qcow
> >>   
> >
> > That's pretty nasty.  How do you specify which disk this is then?  I 
> > do agree with you that allowing arbitrary command line arguments in an 
> > image file is probably a bad idea.  I think the general idea of being 
> > able to launch a single image is useful but I suspect this is not the 
> > right way to do it.
> >
> > What are some people thinking would want to be stored in the file?  
> > Most of the command line options are more host specific than guest 
> > specific I think.  Maybe we can store a pseudo-config instead that 
> > only contains a subset of parameters (and therefore, wouldn't pose a 
> > security risk)? 
> 
> Memory size, -hdb and -cdrom, processor count, networking setup.  The 
> sort of things people push into ad-hoc scripts.
> 
> I expect this to be the low-end solution; with high end management 
> applications storing configuration options in a database.
> 
> 

Why not just save the options to a file and have qemu parse it?  That
way all of the security issues are taken care of, and it can be cross
platform (no need for a shell script and/or batch file) so it'd be
portable.

If the format was one flag per line (as if the command line got broken
up in pairs) as in "-hdb myfile.img" being on one line and "-fda
boot.img" on another line, then its easy to edit programically as well.

All of my shell scripts to start qemu tend to look like this:

qemu -hda disk0.img -net nic -net user -m 512 -localtime   $*

so I can pass one-time parameters as necessary (that's the $* at the
end) by specifying args when I invoke the script.  If qemu had a default
configuration file it looked for, and then you could specify one-or-more
configuration files to read in addition (later values overriding earlier
ones), then it seems like it'd work out for most if not all situations.



Brian
reply via email to
[Prev in Thread] Current Thread [Next in Thread]