[PATCH] docs, passt: Clarify some niche passt usage


 



Change example logfile path and clarify how complicated all things passt
are.  I chose not to create the non-existing directory because it could
open a whole new can of worms.

Also explain missing `dev` attribute of `<portForward/>`

Resolves: https://issues.redhat.com/browse/RHEL-1833

Signed-off-by: Martin Kletzander <mkletzan@xxxxxxxxxx>
---
 docs/formatdomain.rst | 21 +++++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)

diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst
index 68f54ab3ed62..bc469e5f9f94 100644
--- a/docs/formatdomain.rst
+++ b/docs/formatdomain.rst
@@ -4902,14 +4902,23 @@ When the passt backend is used, the ``<backend>`` attribute
 ``logFile`` can be used to tell the passt process for this interface
 where to write its message log, and the ``<source>`` attribute ``dev``
 can tell it to use a particular host interface to derive the routes
-given to the guest for forwarding traffic upstream.
+given to the guest for forwarding traffic upstream.  Due to the design
+decisions of passt, if using SELinux, the log file is recommended to
+reside in the runtime directory of a user under which the passt
+process will run, most probably ``/run/user/$UID`` where ``$UID`` is
+the UID of the user, e.g. ``qemu``.  Beware that libvirt does not
+create this directory if it does not already exist to avoid possible,
+however unlikely, issues, especially since this logfile attribute is
+meant mostly for debugging.
 
 Additionally, when passt is used, multiple ``<portForward>`` elements
 can be added to forward incoming network traffic for the host to this
 guest interface. Each ``<portForward>`` must have a ``proto``
-attribute (set to ``tcp`` or ``udp``) and optional original
-``address`` (if not specified, then all incoming sessions to any host
-IP for the given proto/port(s) will be forwarded to the guest).
+attribute (set to ``tcp`` or ``udp``), optional original ``address``
+(if not specified, then all incoming sessions to any host IP for the
+given proto/port(s) will be forwarded to the guest), and an optional
+``dev`` attribute to limit the forwarded traffic to a specific host
+interface.
 
 The decision of which ports to forward is described with zero or more
 ``<range>`` subelements of ``<portForward>`` (if there is no
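Review bot: In the added logFile text, "where ``$UID`` is the UID of the user, e.g. ``qemu``" offers a user name as the example of a UID, so it is unclear whether the path takes a number or a name; something like "the numeric UID of the user passt runs as (for example the ``qemu`` user)" would remove the ambiguity. The same sentence says libvirt does not create the directory but never tells the reader what follows from that; state that the directory must already exist before the domain is started. "Due to the design decisions of passt" would also help more if it named the constraint that makes the runtime directory the recommended location under SELinux.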
@@ -4934,7 +4943,7 @@ ports **with the exception of some subset**.
    <devices>
      ...
      <interface type='user'>
-       <backend type='passt' logFile='/tmp/passt.log'/>
+       <backend type='passt' logFile='/run/user/$UID/passt-domain.log'/>
        <mac address="00:11:22:33:44:55"/>
        <source dev='eth0'/>
        <ip family='ipv4' address='172.17.2.4' prefix='24'/>
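Review bot: The new logFile value '/run/user/$UID/passt-domain.log' puts a shell-style ``$UID`` inside an XML attribute, and nothing in the example says whether it is expanded or is only a placeholder, so a reader copying the snippet may end up with that literal string as the path. Use a concrete numeric UID in the example, or add a remark next to it that ``$UID`` has to be replaced by hand.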
@@ -4946,7 +4955,7 @@ ports **with the exception of some subset**.
          <range start='5000' end='5020' to='6000'/>
          <range start='5010' end='5015' exclude='yes'/>
        </portForward>
-       <portForward proto='tcp' address='2001:db8:ac10:fd01::1:10'>
+       <portForward proto='tcp' address='2001:db8:ac10:fd01::1:10' dev='eth0'>
          <range start='80'/>
          <range start='443' to='344'/>
        </portForward>
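Review bot: The dev='eth0' added to this <portForward> names the same interface as <source dev='eth0'/> earlier in the example, so the snippet does not show that the two attributes are independent or what the portForward one adds. Consider using a different interface name here, and have the prose hunk say what happens when ``dev`` is omitted, the way it already does for ``address``.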
-- 
2.41.0



