On Wed, Jun 25, 2025 at 10:38 AM Pavel Hrdina <phrd...@redhat.com> wrote:
>
> On Wed, Jun 25, 2025 at 09:40:16AM +0200, Enrique Llorente via Devel wrote:
> > Add support for passing extra arguments to the passt binary through
> > the domain XML configuration. This allows users to specify additional
> > command-line arguments for passt that are not covered by existing
> > structured fields.
> >
> > The new extraArgs attribute is added to the backend element:
> > <backend type='passt' extraArgs='--debug --no-dhcp -v'/>
> >
> > The extraArgs string is parsed using g_shell_parse_argv() to split
> > it into individual arguments before passing them to the passt command.
> >
> > This change includes:
> > - New field in virDomainNetBackend structure
> > - XML schema update to allow extraArgs attribute
> > - Parsing and formatting support in domain_conf.c
> > - Backend comparison function update
> > - Memory cleanup for the new field
> > - QEMU passt integration to use the extra arguments
> > - Comprehensive tests for both user and vhostuser interfaces
> >
> > This is an RFE to gather feedback on the approach. I have a few questions
> > for the community:
> >
> > 1. Is this general approach of adding extraArgs reasonable, or should we
> >    instead focus on adding specific structured fields for each passt option?
>
> No, this is not something we would add to VM XML. If there is something
> missing from our XML it should be added as a proper attribute and/or
> element.
>
> > 2. Should extraArgs be marked as unsupported/unstable in the documentation,
> >    with a clear indication that it's primarily intended for development and
> >    testing purposes?
>
> We do have a similar "feature" for QEMU where you can pass any argument
> you want for development/testing purposes, see [1].
>

Should we implement this with a new <passt:commandline> tag under
the passt backend?

Use case example:

<domain type='qemu' xmlns:passt='http://libvirt.org/schemas/domain/passt/1.0'>
  <name>my-vm</name>
  <!-- ... other config ... -->

  <devices>
    <interface type='user'>
      <mac address='00:11:22:33:44:55'/>
      <model type='virtio'/>
      <backend type='passt' logFile='/var/log/passt.log'>
        <!-- This will taint the domain -->
        <passt:commandline>
          <passt:arg value='--debug'/>
          <passt:arg value='--dns-forward'/>
          <passt:arg value='8.8.8.8'/>
        </passt:commandline>
      </backend>
    </interface>
  </devices>
</domain>

> > 3. Are there any security concerns with allowing arbitrary arguments to be
> >    passed to the passt binary via XML configuration?
>
> In case of QEMU we mark the VM as tainted, that means no support and
> users are on their own if something breaks.
>
> > 4. Would it be better to validate the arguments against a known allowlist
> >    rather than allowing any argument string?
>
> No, if they are supposed to be used in production they should be
> exported as a proper XML attribute/element; for development/testing it
> could be used for some new arguments where it doesn't make sense to have
> an allow list hardcoded in libvirt, as you would have to update that list
> and recompile libvirt in order to try a new argument.
>
> [1] <https://libvirt.org/drvqemu.html#pass-through-of-arbitrary-qemu-commands>
>
> Pavel



-- 
Quique Llorente

CNV networking Senior Software Engineer

Red Hat EMEA

ellor...@redhat.com
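
An added example, not part of the original message and not libvirt code: a Python audit that lists every passt backend in a domain XML carrying pass-through arguments, covering both the extraArgs attribute from the patch and the <passt:commandline> element proposed above. Both forms are proposals from this thread rather than a shipped schema, the sample XML and the function name are constructed, and shlex.split() only approximates the quoting rules of g_shell_parse_argv().

```python
import shlex
import xml.etree.ElementTree as ET

# Namespace URI as written in the proposal above; assumed, not a shipped libvirt schema.
PASST_NS = "http://libvirt.org/schemas/domain/passt/1.0"

# Constructed sample: one interface per pass-through form discussed in the thread.
SAMPLE_XML = f"""
<domain type='qemu' xmlns:passt='{PASST_NS}'>
  <devices>
    <interface type='user'>
      <mac address='52:54:00:00:00:01'/>
      <backend type='passt' extraArgs='--debug --no-dhcp -v'/>
    </interface>
    <interface type='user'>
      <mac address='00:11:22:33:44:55'/>
      <backend type='passt'>
        <passt:commandline>
          <passt:arg value='--debug'/>
          <passt:arg value='--dns-forward'/>
          <passt:arg value='8.8.8.8'/>
        </passt:commandline>
      </backend>
    </interface>
  </devices>
</domain>
"""

def find_passt_passthrough(domain_xml):
    """Return (mac, source, argv) for each passt backend with pass-through args."""
    findings = []
    for iface in ET.fromstring(domain_xml).iter("interface"):
        backend = iface.find("backend")
        if backend is None or backend.get("type") != "passt":
            continue
        mac_el = iface.find("mac")
        mac = mac_el.get("address") if mac_el is not None else None
        extra = backend.get("extraArgs")
        if extra is not None:
            try:
                argv = shlex.split(extra)  # approximates g_shell_parse_argv()
            except ValueError:
                argv = None  # unbalanced quoting: report it, do not guess
            findings.append((mac, "extraArgs", argv))
        cmdline = backend.find(f"{{{PASST_NS}}}commandline")
        if cmdline is not None:
            argv = [a.get("value") for a in cmdline.findall(f"{{{PASST_NS}}}arg")]
            findings.append((mac, "passt:commandline", argv))
    return findings
```

Calling find_passt_passthrough(SAMPLE_XML) returns one finding per interface; an argv of None marks an extraArgs string whose quoting could not be split.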
