[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH 4/4][RFC] Add logic to QEMU to read command line

From: Anthony Liguori
Subject: Re: [Qemu-devel] [PATCH 4/4][RFC] Add logic to QEMU to read command line options from qcow2 images
Date: Thu, 09 Aug 2007 19:48:14 -0500
User-agent: Thunderbird (X11/20070728)

Brian Wheeler wrote:
On Thu, 2007-08-09 at 23:16 +0300, Avi Kivity wrote:
Anthony Liguori wrote:
I think it is a bad idea from a security POV to automatically extract & use command line args from a disk image like this without the admin explicitly requesting this capability. eg If I grabbed a demo disk image from a vendors' or community website I would certainly not trust whatever args may happen to be embedded in the disk image
and thus do not want QEMU to be automatically running using them.

I'd recommend having some command line flag to turn this capability on. For
example a '--args PATH-TO-DISK' flag,

  qemu --args $HOME/fedora.qcow
That's pretty nasty. How do you specify which disk this is then? I do agree with you that allowing arbitrary command line arguments in an image file is probably a bad idea. I think the general idea of being able to launch a single image is useful but I suspect this is not the right way to do it.

What are some people thinking would want to be stored in the file? Most of the command line options are more host specific than guest specific I think. Maybe we can store a pseudo-config instead that only contains a subset of parameters (and therefore, wouldn't pose a security risk)?
Memory size, -hdb and -cdrom, processor count, networking setup. The sort of things people push into ad-hoc scripts.

I expect this to be the low-end solution; with high end management applications storing configuration options in a database.

Why not just save the options to a file and have qemu parse it?  That
way all of the security issues are taken care of, and it can be cross
platform (no need for a shell script and/or batch file) so it'd be

If the format was one flag per line (as if the command line got broken
up in pairs) as in "-hdb myfile.img" being on one line and "-fda
boot.img" on another line, then its easy to edit programically as well.

All of my shell scripts to start qemu tend to look like this:

qemu -hda disk0.img -net nic -net user -m 512 -localtime   $*

so I can pass one-time parameters as necessary (that's the $* at the
end) by specifying args when I invoke the script.  If qemu had a default
configuration file it looked for, and then you could specify one-or-more
configuration files to read in addition (later values overriding earlier
ones), then it seems like it'd work out for most if not all situations.

Yes, I agree config files are the proper solution here but that's a pretty big effort. It may be valuable to have an intermediary solution.


Anthony Liguori


reply via email to

[Prev in Thread] Current Thread [Next in Thread]