xen-devel
Re: [Xen-devel] [PATCH] Prevent vif-bridge from adding user-created taps
On Thu, 2011-10-27 at 16:13 +0100, Jim Fehlig wrote:
> > XENBUS_PATH here is really the vif backend path, not the tap path,
> > although they in some way are aliased so in many cases that's ok. I was
> > just thinking it might be useful to have a backend space for the tap
> > device only (since the guest can see the vif backend dir).
> >
>
> So you prefer this approach to solving the problem?
It's probably the right thing to do long term but your initial patch
seems like a reasonable enough fix right now.
Ian.
>
> >
> >> IMO, the problem is in vif-bridge
> >>
> >> bridge=${bridge:-}
> >> bridge=$(xenstore_read_default "$XENBUS_PATH/bridge" "$bridge")
> >>
> >> if [ -z "$bridge" ]
> >> then
> >> bridge=$(brctl show | cut -d "
> >> " -f 2 | cut -f 1)
> >>
> >> if [ -z "$bridge" ]
> >> then
> >> fatal "Could not find bridge, and none was specified"
> >> fi
> >> else
> >> ...
> >>
> >> If the toolstack hasn't written anything to xenstore, vif-bridge happily
> >> connects the tap device to the first bridge it finds. Shouldn't
> >> vif-bridge just exit if no bridge is specified?
> >>
> >
> > I think that behaviour is historical (which isn't to say it's correct).
> >
>
> Connecting the device to an arbitrary bridge seems dangerous to me.
> What if the bridge is on a sensitive VLAN?
>
> > FWIW xl defaults to writing xenbr0. I don't know what xend does.
> >
>
> xend writes nothing to that node if bridge is not specified in the vif
> config :-(. I suppose that is the reason for the hack in vif-bridge,
> which was a bad fix IMO.
>
> Thanks,
> Jim
> > Ian.
> >
> >
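An added example (mine, not code from this thread or from Xen's vif-bridge) contrasting the first-bridge fallback Jim quotes with a fail-closed version that requires an explicit bridge and checks that it exists as a bridge, not merely as a port. The `brctl show` text is a constructed sample standing in for the real command, and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not Xen's vif-bridge: fail-closed bridge selection.
# Assumption: the caller supplies the bridge name read from xenstore (possibly
# empty) and the text of `brctl show`; a constructed sample replaces the command.

# Constructed `brctl show` output: header, two bridges, and a continuation line
# (brctl lists extra interfaces of a bridge on lines starting with whitespace).
SAMPLE_BRCTL='bridge name     bridge id               STP enabled     interfaces
xenbr0          8000.001122334455       no              eth0
xenbr1          8000.00aabbccddee       no              eth1.100
                                                        vif2.0'

# Historical behaviour from the thread: with no configured bridge, attach the
# tap to whatever bridge brctl lists first.  Prints the chosen bridge.
legacy_pick_bridge() {
    configured="$1"; brctl_out="$2"
    if [ -n "$configured" ]; then
        printf '%s\n' "$configured"
    else
        printf '%s\n' "$brctl_out" | awk 'NR == 2 { print $1 }'
    fi
}

# Hardened selection: an explicit bridge is mandatory and must actually exist
# as a bridge (not merely as a port).  Returns non-zero so the caller can
# refuse to attach the tap instead of guessing.
safe_pick_bridge() {
    configured="$1"; brctl_out="$2"
    if [ -z "$configured" ]; then
        echo "no bridge specified for this vif; refusing to guess" >&2
        return 1
    fi
    # First column of non-header, non-continuation lines = bridge names.
    if printf '%s\n' "$brctl_out" \
        | awk 'NR > 1 && /^[^ \t]/ { print $1 }' \
        | grep -qxF -- "$configured"; then
        printf '%s\n' "$configured"
        return 0
    fi
    echo "bridge '$configured' is not a bridge on this host" >&2
    return 2
}

# Demo: the legacy path silently picks xenbr0; the hardened path refuses.
legacy_pick_bridge "" "$SAMPLE_BRCTL"
if ! safe_pick_bridge "" "$SAMPLE_BRCTL"; then echo "hardened: refused"; fi
safe_pick_bridge xenbr1 "$SAMPLE_BRCTL"
```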
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel