From: Marc-André Lureau <marcandre.lureau(a)redhat.com>

Hi,

SLIRP networking can be running in a separate process. This allows for
stricter security policies for QEMU & SLIRP, as SLIRP is notoriously
not very safe (discussed on ML, various CVEs, and even the code says
so explicitly in the comments), yet people rely on it for various
reasons.

With this series, for a network interface "user", libvirt will:
- check the slirp-helper presence and capabilities (see [1])
- set up a socket pair between qemu and the helper
- use -net socket
- set up migration thanks to dbus-vmstate

There are no changes required to domain configuration to benefit
from it. "guestfwd" isn't supported at this point, but it is known to be in
a broken state with libvirt+qemu anyway.

The dbus-vmstate is being proposed to QEMU.

The libslirp-rs slirp-helper hasn't yet received a release, but I plan
to make one soon, depending on the feedback.

fwiw, I have been working on an alternative rust-only implementation
of a slirp-helper that will also follow [1].

[1]
https://gitlab.freedesktop.org/slirp/libslirp-rs/blob/master/src/bin/READ...

Marc-André Lureau (23):
Add .editorconfig
dbus: correctly build reply message
qemu: replace logCtxt with qemuDomainLogAppendMessage()
qemu: reset VM id after external devices stop
qemu: add socket datagram capability
qemu: add dbus-vmstate capability
qemu-conf: add configurable dbus-daemon location
qemu-conf: add dbusStateDir
qemu-security: add qemuSecurityCommandRun()
qemu: add a DBus daemon helper unit
qemu: add dbus-vmstate helper migration support
domain-conf: add network def private data
qemu: add qemuDomainNetworkPrivate
qemu-conf: add configurable slirp-helper location
qemu: add slirp helper unit
qemu-domain: save and restore slirp state
qemu: add a flag to the cookie to prevent slirp-helper setup
qemu-migration: prevent migration if slirp cannot be migrated
qemu-extdevice: prepare, start and stop slirp-helper
qemu-command: use -net socket,fd= with slirp-helper
qemu-process: prepare slirp-helper
qemu-hotplug: handle hotplugging of slirp-helper
tests: add slirp-helper qemuxml2argv test
.editorconfig | 21 +
m4/virt-driver-qemu.m4 | 10 +
src/conf/domain_conf.c | 21 +-
src/conf/domain_conf.h | 6 +
src/qemu/Makefile.inc.am | 6 +
src/qemu/libvirtd_qemu.aug | 2 +
src/qemu/qemu.conf | 6 +
src/qemu/qemu_alias.c | 7 +
src/qemu/qemu_alias.h | 2 +
src/qemu/qemu_capabilities.c | 10 +
src/qemu/qemu_capabilities.h | 4 +
src/qemu/qemu_command.c | 100 ++++-
src/qemu/qemu_command.h | 6 +-
src/qemu/qemu_conf.c | 20 +-
src/qemu/qemu_conf.h | 3 +
src/qemu/qemu_dbus.c | 384 ++++++++++++++++
src/qemu/qemu_dbus.h | 44 ++
src/qemu/qemu_domain.c | 206 ++++++++-
src/qemu/qemu_domain.h | 27 ++
src/qemu/qemu_driver.c | 11 +-
src/qemu/qemu_extdevice.c | 82 ++--
src/qemu/qemu_extdevice.h | 10 +-
src/qemu/qemu_hotplug.c | 118 ++++-
src/qemu/qemu_hotplug.h | 8 +
src/qemu/qemu_interface.c | 27 ++
src/qemu/qemu_interface.h | 4 +
src/qemu/qemu_migration.c | 62 +++
src/qemu/qemu_monitor.c | 35 +-
src/qemu/qemu_monitor.h | 6 +-
src/qemu/qemu_monitor_json.c | 15 +
src/qemu/qemu_monitor_json.h | 5 +
src/qemu/qemu_process.c | 37 +-
src/qemu/qemu_process.h | 1 +
src/qemu/qemu_security.c | 22 +
src/qemu/qemu_security.h | 6 +
src/qemu/qemu_slirp.c | 412 ++++++++++++++++++
src/qemu/qemu_slirp.h | 78 ++++
src/qemu/qemu_tpm.c | 10 +-
src/qemu/qemu_tpm.h | 5 +-
src/qemu/test_libvirtd_qemu.aug.in | 2 +
src/util/virdbus.c | 18 +-
src/util/virdbus.h | 6 +-
tests/Makefile.am | 1 +
.../caps_4.0.0.aarch64.xml | 1 +
.../qemucapabilitiesdata/caps_4.0.0.ppc64.xml | 1 +
.../caps_4.0.0.riscv32.xml | 1 +
.../caps_4.0.0.riscv64.xml | 1 +
.../qemucapabilitiesdata/caps_4.0.0.s390x.xml | 1 +
.../caps_4.0.0.x86_64.xml | 1 +
.../caps_4.1.0.x86_64.xml | 1 +
.../net-user.x86_64-4.0.0.args | 34 ++
tests/qemuxml2argvtest.c | 16 +
tests/testutilsqemu.h | 1 +
tests/virfirewalltest.c | 9 +-
tests/virpolkittest.c | 3 +-
55 files changed, 1849 insertions(+), 87 deletions(-)
create mode 100644 .editorconfig
create mode 100644 src/qemu/qemu_dbus.c
create mode 100644 src/qemu/qemu_dbus.h
create mode 100644 src/qemu/qemu_slirp.c
create mode 100644 src/qemu/qemu_slirp.h
create mode 100644 tests/qemuxml2argvdata/net-user.x86_64-4.0.0.args
--
2.22.0.214.g8dca754b1e