
Re: [Qemu-devel] [PATCH] ifname=xxx for -netdev bridge


From: Stefan Hajnoczi
Subject: Re: [Qemu-devel] [PATCH] ifname=xxx for -netdev bridge
Date: Mon, 25 Mar 2013 10:03:00 +0100
User-agent: Mutt/1.5.21 (2010-09-15)

On Thu, Mar 21, 2013 at 07:05:09PM +0100, Alexandre Kandalintsev wrote:
> Hi!
> 
> 
> Here is the patch that allows us to specify the name of tap interface
> when -netdev bridge is used. It's like -netdev tap,ifname=xxx, but for
> bridges.
> 
> 
> ** Motivation **
> 
> We've got zillions of VMs and would like to see meaningful names of tap
> interfaces. This is really useful for, e.g., system administrators
> in case they want to run tcpdump on it.
> 
> 
> ** How it works **
> 
> Just specify an ifname= parameter as it is done if --netdev tap is used.
> However, as it requires root privs, the interface renaming is
> actually done by qemu-bridge-helper. --netdev tap,ifname=xxx will fail
> if qemu is launched not from root.
> 
> 
> ** TODO **
> 
> 1. Update docs
> 2. I'm afraid that net_init_tap should not run helper with
> --br=DEFAULT_BRIDGE_INTERFACE . At least bridge name should be tunable.
> But this is a future work.
> 3. Maybe we should call qemu-bridge-helper for tap interface renamings
> because it always has root privs?

qemu-bridge-helper is a setuid root binary.  It allows access to things
an unprivileged user normally cannot do.  We need to be very careful
that new features cannot be abused.

There needs to be a policy in qemu-bridge-helper to control network
interface naming.

Imagine an existing qemu-bridge-helper deployment.  Now if your patch is
merged and the new qemu-bridge-helper is installed, unprivileged users
can create arbitrarily named network interfaces.

It was previously not possible to create arbitrarily named network
interfaces.  This might pose a security problem given firewall
configuration, monitoring software, etc. which isn't configured to deal
with these new interface names.

By default, custom names should not be allowed.  Perhaps the
qemu-bridge-helper configuration file needs an option to specify a glob
pattern, e.g. vm*.

This way the host system administrator can restrict network interface
names while still allowing human-friendly names.

Stefan


