[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [RFC 0/3] virtiofsd: get/set log level via DBus
From: |
Dr. David Alan Gilbert |
Subject: |
Re: [Qemu-devel] [RFC 0/3] virtiofsd: get/set log level via DBus |
Date: |
Fri, 6 Sep 2019 11:35:23 +0100 |
User-agent: |
Mutt/1.12.1 (2019-06-15) |
* Stefan Hajnoczi (address@hidden) wrote:
> On Thu, Sep 05, 2019 at 06:40:21PM +0100, Dr. David Alan Gilbert wrote:
> > * Stefan Hajnoczi (address@hidden) wrote:
> > > It is likely that virtiofsd will need to support "management commands" for
> > > reconfiguring it at runtime. The first use case was proposed by Eryu
> > > Guan for
> > > getting/setting the current log level.
> > >
> > > I promised to try out DBus as the management interface because it has a
> > > rich
> > > feature set and is accessible from most programming languages. It should
> > > be
> > > able to support all the use cases we come up with.
> > >
> > > This patch series is a prototype that implements the get-log-level and
> > > set-log-level management commands via DBus. Use the new virtiofsctl tool
> > > to
> > > talk to a running virtiofsd process:
> > >
> > > # dbus-run-session ./virtiofsd ...
> > > ...
> > > Using dbus address
> > > unix:abstract=/tmp/dbus-H9WBbpjk3O,guid=0be16acefb868e6025a8737f5d7124d2
> > > # export
> > > DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-H9WBbpjk3O,guid=0be16acefb868e6025a8737f5d7124d2
> > > # ./virtiofsctl set-log-level err
> > >
> > > Most of the work is done by gdbus-codegen(1). It generates code for the
> > > org.qemu.Virtiofsd.xml interface definition. Our code can use the simple
> > > virtiofsd_get/set_log_level() APIs and it will make corresponding DBus
> > > calls.
> > >
> > > I'm pretty happy with this approach because the code is straightforward.
> > > It
> > > hasn't even triggered seccomp failures yet :).
> >
> > Yes it's less complex than I'd worried.
> > Now, I do think we've got to think about how qemu in general is going to
> > use dbus as people were discussing it, because then we have to think
> > what the security aspects are - do we need to look at some calls only
> > available to some clients etc.
>
> The approach I took in this patch series is to launch a session bus just
> for this virtiofsd. The abstract socket unix(7) namespace used by GDBus
> by default does not offer any security. I think any process on the host
> can connect to it, regardless of uid/gid.
>
> A path like unix:path=/tmp/foo would allow us to use UNIX Domain Socket
> permissions as the main security mechanism.
Yes, that I'm fine with; my worry is that there was talk of much more
complex dbus setups coming out of the qemu world with many things being
connected; and then we have to think about security upfront.
> I'm not enthusiastic about
> using SELinux or some kind of DBus-specific policy language if we can
> avoid it because it's complex and obscure.
Right.
Dave
> Stefan
--
Dr. David Alan Gilbert / address@hidden / Manchester, UK
- Re: [Qemu-devel] [RFC 2/3] virtiofsd: add DBus server to handle log level changes, (continued)
[Qemu-devel] [RFC 3/3] virtiofsd: add virtiofsctl command-line management tool, Stefan Hajnoczi, 2019/09/05
Re: [Qemu-devel] [RFC 0/3] virtiofsd: get/set log level via DBus, Dr. David Alan Gilbert, 2019/09/05
Re: [Qemu-devel] [RFC 0/3] virtiofsd: get/set log level via DBus, Daniel P . Berrangé, 2019/09/06
Re: [Qemu-devel] [RFC 0/3] virtiofsd: get/set log level via DBus, Stefan Hajnoczi, 2019/09/09