On Tue, Jan 16, 2018 at 03:18:24PM -0800, Shaun Reitan wrote:
This patch replaces the patch I sent yesturday. This one fixes
a bug in my original code as well as corrects a few styling
issues. Hopfully this one comes out correct! Sorry for the
inconvienece.
When currently using -netdev bridge or -netdev tap with a helper
you are unable to set an ifname. This patch adds that ability so
that you can now specify an ifname.
I really don't think users should be allowed to override the
ifname when using the setuid bridge helper. This allows an
unprivileged users to create tap devices that may confuse the
sysadmin, and/or network mgmt scripts.
eg consider the user asks for a tap device called eth1. To the
sysadmin the user's tap device now looks like a physical NIC.
This can be even worse if the host does physical NIC hotplug,
or uses SRIOV. eg consider the host as eth0 -> eth7 for SRIOV
NICs, and eth3 is given to a guest. Now a user uses the setuid
helper to ask for a TAP called eth3. When the SRIOV device is
later released by the guest it will end up called eth8, as the
TAP device occupies eth3. In bad cases this could even cause
the host mgmt layer to configure bogus addresses on the eth3
TAP device instead of the SRIOV device.