From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: passt.top; dmarc=none (p=none dis=none) header.from=gibson.dropbear.id.au Authentication-Results: passt.top; dkim=pass (2048-bit key; secure) header.d=gibson.dropbear.id.au header.i=@gibson.dropbear.id.au header.a=rsa-sha256 header.s=202502 header.b=MZBH+uVL; dkim-atps=neutral Received: from mail.ozlabs.org (gandalf.ozlabs.org [150.107.74.76]) by passt.top (Postfix) with ESMTPS id 34F1A5A0008 for ; Wed, 12 Mar 2025 01:41:08 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gibson.dropbear.id.au; s=202502; t=1741740060; bh=cLirWBUYJpfVgVzLbhtqTxVDTk67FyMNOPsC/xrQTfI=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=MZBH+uVLFnJ6pBSWR1Fo3gUlrvDvEdas//Eluf+sh/BujfxiI0k45jBe3DR5y2D40 BEYXHxlEhmPmz+l2rjUPOQgdK56Tyae2Or/It9LEP3G2/sVdjc5d6EnJpoiXwOzcDT HkEDoSG2MuOUbAlnLTxnesz6GbuUrS6IE6uiewbeUXpcAyuXffVcIMgRsKYoz2BfAj zSstb81uo2d4izbJwEvXqVuUwTeoOzLUHCTPBPO6g8HvU4sjuEFqsqZAI+SJG3e+oM kbTe2XwJOj98eY+z3uIu2Aui+L4+8dcWuEaGWD3peErzAZpuNdeDkJX9ilXx5TyqgW kgkRubfDtT8pA== Received: by gandalf.ozlabs.org (Postfix, from userid 1007) id 4ZCBd81cfhz4x2g; Wed, 12 Mar 2025 11:41:00 +1100 (AEDT) Date: Wed, 12 Mar 2025 11:31:08 +1100 From: David Gibson To: Stefano Brivio Subject: Re: [PATCH] passt-repair: Add directory watch Message-ID: References: <20250307224120.2789900-1-sbrivio@redhat.com> <20250311234457.4986a498@elisabeth> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="esmYh4A414BjKTaN" Content-Disposition: inline In-Reply-To: <20250311234457.4986a498@elisabeth> Message-ID-Hash: ZFXXLPJOT2O7YUHLHSNLHSLAJZTDNSJ6 X-Message-ID-Hash: ZFXXLPJOT2O7YUHLHSNLHSLAJZTDNSJ6 X-MailFrom: dgibson@gandalf.ozlabs.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: passt-dev@passt.top X-Mailman-Version: 3.3.8 Precedence: list List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: --esmYh4A414BjKTaN Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Mar 11, 2025 at 11:44:57PM +0100, Stefano Brivio wrote: > On Tue, 11 Mar 2025 12:35:46 +1100 > David Gibson wrote: >=20 > > On Fri, Mar 07, 2025 at 11:41:20PM +0100, Stefano Brivio wrote: > > > It might not be feasible for users to start passt-repair after passt > > > is started, on a migration target, but before the migration process > > > starts. > > >=20 > > > For instance, with libvirt, the guest domain (and, hence, passt) is > > > started on the target as part of the migration process. At least for > > > the moment being, there's no hook a libvirt user (including KubeVirt) > > > can use to start passt-repair before the migration starts. > > >=20 > > > Add a directory watch using inotify: if PATH is a directory, instead > > > of connecting to it, we'll watch for a .repair socket file to appear > > > in it, and then attempt to connect to that socket. =20 > >=20 > > So, with this change, running > > passt-repair /tmp > >=20 > > would be a Bad Idea. >=20 > ...why? On any distribution where it's available, you can make it > connect to whatever you want, and it will do nothing else than > returning an error when passt tries to switch a socket to repair > mode. I mean that if you are able to run it privileged, then it would be a bad idea to do so with /tmp as the watch directory. Since that's kind of the default place to point it, it's a footgun. > It will just work in the KubeVirt use case we planned for, for the > moment. >=20 > Then sure, you can give it capabilities or run it as root, disable > LSMs, and make it connect to whatever process. But you need root > anyway, so there isn't much to be gained. >=20 > > But that is the default path used by passt. To > > use this safely, you really want to have a directory set aside for the > > use of just one passt instance, or at least passt-owning uid. >=20 > Right, that's what happens if libvirt starts it. >=20 > > I feel like we should enforce, or at least document and encourage that > > somewhere. Not really sure where, though, so, with some misgivings >=20 > I think we'll find a more reasonable solution by the time this becomes > actually usable by mere mortals using distribution packages. I would > anyway drop all this once we figure out how to make it convenient for > libvirt. For stand-alone usage, this is not really needed. Hm. I guess we'll see. --=20 David Gibson (he or they) | I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you, not the other way | around. http://www.ozlabs.org/~dgibson --esmYh4A414BjKTaN Content-Type: application/pgp-signature; name=signature.asc -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEO+dNsU4E3yXUXRK2zQJF27ox2GcFAmfQ1bsACgkQzQJF27ox 2GcGGQ/6AtRNbeRYM+e7IGYacvM9ifjpevYa14QS+4Rq10IidRfNbcL2e2xLg6BB UaTItv0o4TjqGZf3Up0PIxmEH00FmwPyTVuynWwEVb8CjwoeT8CBTlxm2yaiNrR9 g9+1uVXqEGvQVdA/0BlLKPls5cydgiLtG1fubIYxfO6gRxHnBMZstV0t6zpbbSzH g/7HAgB80RfMyGH2Kz7bTE69R2e+yS+AjNPVTsdAyWIHzBBDxB9PpZrI2/K848Ic QOjglsaM4b9pDHMQtPabqZfA1fXdkNjs+9PphCcPi3uK2a98FlTn8dcqpNO5Xptg TRFQnmrSS0HYAuDyvcRnumdw7saJEMtd0I6TU84hn9W7EJYmq7aA0Y9jbSNpyS+I zqblNWyjxazNGIKhYJTmQGqHwjjFecVtQWLhOUJogIVF1iA7TyIYLT+G75UIvvbp ZqDf+j0wmwj8OJKCPwY1iVu3Yggsasc4RWQOF82E82mgyQszl7zlEufinIf4Zskm BVVVHg9/kUc06UqjSwCQHvEWgO3lMztm+RemUp2xQTIhgTG69cw9lwb4QMQtm9O/ fP/qj7Y1xCWSQ9v3CwtLLekHv5+ug4oySqxHZ6iCMt5JMu8O2wIrCZaiVCe9rQX3 NzMvej7+AvffHa32zI1m93zjNBIwO6WdzBfvBYyn5eEB6jVR9zY= =zGxR -----END PGP SIGNATURE----- --esmYh4A414BjKTaN--