Re: [libvirt] [PATCH] bridge_driver: use conffile for dnsmasq if it exists

On 12/21/2010 03:40 PM, Paweł Krześniak wrote:
> By default dnsmasq is spawned with option --conf-file="" which disables
> reading of global configuration file -- this is fine for most situations.

In fact, the libvirt policy is that it is essential to NOT allow the use
of global configuration files - if it is worth changing, it is worth
calling out directly in the XML.  Why?  Because if you run your
guest today, then someone edits the global config file, and you run your
guest tomorrow, you have no explainable reason logged in libvirt's
generated qemu/dnsmasq/... command line that explains the difference in
behavior, if those differences are hidden inside a global config file of
an external tool.  Furthermore, from the security perspective, sVirt
requires that separate domains cannot share resources, and that should
include common host config files.

> This patch adds possibility to run customized DNS/DHCP environment, by
> spawning dnsmasq with alternative configuration file if such file exists.
> This allows you to set any parameter described in dnsmasq(8).
> Configuration file is expected to be located in file named
> "<network_name>-dnsmasq.conf" in DNSMASQ_STATE_DIR directory.
> If configuration file doesn't exist dnsmasq is spawned as before.

You'll want to wait for danpb or DV to comment, but I'm thinking this
might be rejected, and that instead, we should consider addressing the
issue of what dnsmasq parameters you want to affect, and how we can
encode that into the libvirt XML without having to rely on an external
dnsmasq conf file.

Eric Blake   eblake redhat com    +1-801-349-2682
Libvirt virtualization library http://libvirt.org
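
An added example, not part of the original thread and not libvirt code: a small audit that checks whether a dnsmasq command line keeps all configuration on the command line, as the policy in this message requires. The function name `audit_dnsmasq`, the sample command lines and the `/STATE_DIR` placeholder path are constructed for illustration; only the `--option=value` long form is parsed, and the short forms `-C` and `-7` are flagged for manual review.

```python
import shlex

SHORT_FORMS = ("-C", "-7")  # short spellings of --conf-file and --conf-dir


def audit_dnsmasq(cmdline):
    """Return findings for one dnsmasq command line (empty list = pinned)."""
    findings = []
    conf_file_given = False
    for arg in shlex.split(cmdline)[1:]:
        name, sep, value = arg.partition("=")
        if name == "--conf-file":
            conf_file_given = True
            if value:
                # Settings come from a file that the command line does not show.
                findings.append(f"external config file: {value}")
            elif not sep:
                findings.append("bare --conf-file, review by hand")
        elif name == "--conf-dir" and value:
            findings.append(f"external config directory: {value}")
        elif arg[:2] in SHORT_FORMS:
            conf_file_given = conf_file_given or arg[:2] == "-C"
            findings.append(f"short-form config option, review by hand: {arg}")
    if not conf_file_given:
        # Without --conf-file= the global configuration file is not disabled.
        findings.append("no --conf-file= given: global configuration file is read")
    return findings


# Constructed sample command lines (not taken from a real host).
SAMPLES = [
    # Empty --conf-file= : the spawn described in the quoted patch text.
    "/usr/sbin/dnsmasq --strict-order --bind-interfaces --conf-file= "
    "--listen-address 192.168.122.1",
    # Per-network file as the patch proposes; /STATE_DIR is a placeholder.
    "/usr/sbin/dnsmasq --strict-order "
    "--conf-file=/STATE_DIR/default-dnsmasq.conf",
    # No --conf-file at all.
    "/usr/sbin/dnsmasq --listen-address 192.168.122.1",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(audit_dnsmasq(line) or "pinned", "<-", line)
```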
