Re: [Qemu-devel] [PATCH 4/4] Warning messages on net devices hotplug


From: Corey Bryant
Subject: Re: [Qemu-devel] [PATCH 4/4] Warning messages on net devices hotplug
Date: Wed, 24 Oct 2012 11:56:28 -0400
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:16.0) Gecko/20121009 Thunderbird/16.0



On 10/24/2012 11:45 AM, Paolo Bonzini wrote:
> On 24/10/2012 17:39, Corey Bryant wrote:
>> On 10/24/2012 11:21 AM, Paolo Bonzini wrote:
>>> On 24/10/2012 16:18, Corey Bryant wrote:
>>>> On 10/18/2012 11:15 AM, Paolo Bonzini wrote:
>>>>> On 17/10/2012 15:15, Eduardo Otubo wrote:
>>>>>> With the inclusion of the new "double whitelist" seccomp filter, Qemu
>>>>>> won't be able to execve() in runtime, thus, no hotplug net devices
>>>>>> allowed.
>>>>>>
>>>>>> Signed-off-by: Eduardo Otubo <address@hidden>
>>>>>
>>>>> Please check this in net_init_tap instead.  When using libvirt, hotplug
>>>>> is done with a completely different mechanism that involves
>>>>> file-descriptor passing and does not require executing a helper.
>>>>>
>>>>> Paolo
>>>>
>>>> Are you sure net_init_tap() is the right place for this check?
>>>
>>> Yes, assuming there is a global that says whether the seccomp sandbox is
>>> in effect.  Even something like "if (sandbox_active && !tap->has_fd)
>>> error(...)" can be enough.
>>>
>>> Paolo
>>
>> What do you think about this? It moves the checks into the functions
>> that actually cause execve() to be called, and it only prevents the
>> commands after QEMU is done with initialization in main().
>
> It doesn't do error reporting correctly because these functions do not
> get an Error **.  If you change that and use error_setg instead of
> error_report, it should be okay.
>
> However, I really think what you're testing is not
> runstate_is_prelaunch(), it is seccomp_effective().  If you structure
> the test like that, it also lets you eliminate the #ifdef (which in
> general we prefer to avoid).
>
> Paolo

Ok, thanks for the quick feedback!

--
Regards,
Corey Bryant
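
The constraint behind this thread, as an added example that is not part of the original message or of QEMU's code: once a seccomp filter that rejects execve() is installed, a process can no longer launch a helper, which is why the tap path has to refuse helper-based setup and accept only a pre-opened file descriptor. It assumes Linux with seccomp-BPF; `install_no_exec_filter`, `helper_exec_errno` and the `/bin/sh` stand-in helper are hypothetical names, and the filter is a short deny-list rather than the whitelist the patch series uses.

```c
#include <errno.h>
#include <stddef.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

/* Constructed deny-list filter: execve() fails with EPERM, everything else
 * is allowed. A whitelist would enumerate permitted syscalls instead; a
 * production filter also checks seccomp_data.arch and covers execveat(). */
static int install_no_exec_filter(void)
{
    struct sock_filter prog[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_execve, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA)),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog fprog = { .len = sizeof(prog) / sizeof(prog[0]), .filter = prog };

    /* Required so an unprivileged process may install a filter. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog);
}

/* Fork a child, optionally sandbox it, and try to exec a helper.
 * Returns 0 if the helper ran, the child's errno if execve() failed,
 * 200 if the filter could not be installed, -1 on fork/wait failure. */
int helper_exec_errno(int sandboxed)
{
    char *argv[] = { "/bin/sh", "-c", "exit 0", NULL };  /* stand-in helper */
    char *envp[] = { NULL };
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (sandboxed && install_no_exec_filter() != 0)
            _exit(200);
        execve(argv[0], argv, envp);
        _exit(errno);               /* reached only when execve() failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}
```

The filter is installed only in the forked child, so the calling process stays unsandboxed; descriptors opened before the filter is installed remain usable afterwards, which is what makes the file-descriptor passing path compatible with the sandbox.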



