[libvirt] [PATCH 3/8] docs: Add docs and rng schema for new XML cdbfilter

Eric Blake eblake at redhat.com
Fri Dec 14 20:47:40 UTC 2012 

On 12/14/2012 01:33 PM, Eric Blake wrote:
> On 12/13/2012 12:05 PM, Osier Yang wrote:
>> Since "rawio" and "cdbfilter" are only valid for "lun", this
>> groups them together; And since both of them intend to allow
>> the unprivledged user to use the SG_IO commands, they must be
> 
> s/unprivledged/unprivileged/

> rawio     cdbfilter      result
> missing   missing        kernel prevents SG_IO
> missing   no             kernel prevents SG_IO
> missing   yes            SG_IO allowed for disk
> no        missing        kernel prevents SG_IO
> no        no             kernel prevents SG_IO
> no        yes            SG_IO allowed for disk
> yes       missing        SG_IO allowed for process
> yes       no             SG_IO allowed for process
> yes       yes            error

This table shows another reason why I don't like your naming - the
defaults are screwy, when an omitted rawio means 'no', but an omitted
cdbfilter means 'yes'.  Corrected, the table looks like:

rawio     cdbfilter      result
missing   missing        kernel prevents SG_IO
missing   no             SG_IO allowed for disk
missing   yes            kernel prevents SG_IO
no        missing        kernel prevents SG_IO
no        no             error? or SG_IO allowed for disk?
no        yes            error? or kernel prevents SG_IO?
yes       missing        SG_IO allowed for process
yes       no             error
yes       yes            error? or kernel prevents SG_IO?

> Why not simplify things, and have a single attribute rawio, with
> multiple values?
> 
> rawio        result
> missing      kernel prevents SG_IO
> no           kernel prevents SG_IO
> yes          SG_IO allowed for process
> cdb          SG_IO allowed for disk
> 
> where we document that 'yes' works on more kernel versions than 'cdb',
> but that 'cdb' (new to 1.0.1) is more secure.

Oh, another thing, what does 'cdb' mean?  It happens to be an acronym
that matches the kernel implementation, but it doesn't convey much
meaning on its own.  Given that our existing rawio='yes' merely turns on
SG_IO via a capability for the entire process, and the new filtering
method enables per-disk whitelisting of which disks get to use SG_IO
passthrough, would it be any better to document things as:

no|yes|disk

and where we additionally allow 'process' as a synonym for 'yes' on
input (for back-compat, we have to output 'yes', not 'process').  That
is, I don't know that exposing the term 'cdb' buys us any understanding
into what is really going on.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 619 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20121214/0c9c4527/attachment-0001.sig>

More information about the libvir-list mailing list