On Fri, Feb 07, 2014 at 02:17:10PM +0200, Laine Stump wrote:
> On 02/05/2014 12:11 PM, Michal Privoznik wrote:
> > Basically, the idea is copied from domain code, where tainting
> > exists for a while. Currently, only one taint reason exists -
> > VIR_NETWORK_TAINT_HOOK to mark those networks which caused invoking
> > of hook script.
>
> What's missing here is that the network status XML doesn't include a
> <taint> element.
>
> Also, I think if a network is tainted, any domain that connects to that
> network should be tainted as well.
>
> Of course what would make this more useful would be if we could
> determine when a hook script actually *did* something for a particular
> network/interface (since presumably people are usually going to write
> their network hook scripts to only take action for particular networks
> and/or domains, not for *all* networks). I don't know that there's a way
> to do that without either 1) having a different hook script for each
> network, or 2) trusting the hook script to return some sort of status
> indicating whether or not it did anything. Obviously (2) is not a good
> idea, but we may want to think about (1) in the future (for qemu and lxc
> hook scripts as well) - instead of just looking for
> /etc/libvirt/hook/network, we could first look for
> /etc/libvirt/hook/network.${netname} and exec that instead if found (or
> in addition). But I think that can be deferred until later.

I don't think we should try to second guess what the hook script is
doing. You are basically trying to solve the halting problem there
which is not a winning proposition.

> ACK if you add the <taint> element to the network status XML, and taint
> the domain any time it uses a tainted network.

I think tainting the domain is probably overkill here.

Daniel