public inbox for passt-dev@passt.top
 help / color / mirror / code / Atom feed
From: David Gibson <david@gibson.dropbear.id.au>
To: Stefano Brivio <sbrivio@redhat.com>
Cc: passt-dev@passt.top
Subject: Re: [PATCH] passt-repair: Add directory watch
Date: Wed, 12 Mar 2025 11:31:08 +1100	[thread overview]
Message-ID: <Z9DVzOF1teSdN1Eu@zatzit> (raw)
In-Reply-To: <20250311234457.4986a498@elisabeth>

[-- Attachment #1: Type: text/plain, Size: 2614 bytes --]

On Tue, Mar 11, 2025 at 11:44:57PM +0100, Stefano Brivio wrote:
> On Tue, 11 Mar 2025 12:35:46 +1100
> David Gibson <david@gibson.dropbear.id.au> wrote:
> 
> > On Fri, Mar 07, 2025 at 11:41:20PM +0100, Stefano Brivio wrote:
> > > It might not be feasible for users to start passt-repair after passt
> > > is started, on a migration target, but before the migration process
> > > starts.
> > > 
> > > For instance, with libvirt, the guest domain (and, hence, passt) is
> > > started on the target as part of the migration process. At least for
> > > the moment being, there's no hook a libvirt user (including KubeVirt)
> > > can use to start passt-repair before the migration starts.
> > > 
> > > Add a directory watch using inotify: if PATH is a directory, instead
> > > of connecting to it, we'll watch for a .repair socket file to appear
> > > in it, and then attempt to connect to that socket.  
> > 
> > So, with this change, running
> > 	passt-repair /tmp
> > 
> > would be a Bad Idea.
> 
> ...why? On any distribution where it's available, you can make it
> connect to whatever you want, and it will do nothing else than
> returning an error when passt tries to switch a socket to repair
> mode.

I mean that if you are able to run it privileged, then it would be a
bad idea to do so with /tmp as the watch directory.  Since that's kind
of the default place to point it, it's a footgun.

> It will just work in the KubeVirt use case we planned for, for the
> moment.
> 
> Then sure, you can give it capabilities or run it as root, disable
> LSMs, and make it connect to whatever process. But you need root
> anyway, so there isn't much to be gained.
> 
> > But that is the default path used by passt.  To
> > use this safely, you really want to have a directory set aside for the
> > use of just one passt instance, or at least passt-owning uid.
> 
> Right, that's what happens if libvirt starts it.
> 
> > I feel like we should enforce, or at least document and encourage that
> > somewhere.  Not really sure where, though, so, with some misgivings
> 
> I think we'll find a more reasonable solution by the time this becomes
> actually usable by mere mortals using distribution packages. I would
> anyway drop all this once we figure out how to make it convenient for
> libvirt. For stand-alone usage, this is not really needed.

Hm.  I guess we'll see.

-- 
David Gibson (he or they)	| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you, not the other way
				| around.
http://www.ozlabs.org/~dgibson

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

      reply	other threads:[~2025-03-12  0:41 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-03-07 22:41 [PATCH] passt-repair: Add directory watch Stefano Brivio
2025-03-11  1:35 ` David Gibson
2025-03-11 22:44   ` Stefano Brivio
2025-03-12  0:31     ` David Gibson [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=Z9DVzOF1teSdN1Eu@zatzit \
    --to=david@gibson.dropbear.id.au \
    --cc=passt-dev@passt.top \
    --cc=sbrivio@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
Code repositories for project(s) associated with this public inbox

	https://passt.top/passt

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for IMAP folder(s).