> On Sun, Nov 23, 2014 at 08:23:21PM -0500, David Miller wrote:
> > From: "Michael S. Tsirkin" <m...@redhat.com>
> > Date: Sun, 23 Nov 2014 22:30:32 +0200
> >
> > > qemu runs in the host, but it's unprivileged: it gets
> > > passed tun FDs by a privileged daemon, and it only
> > > has the rights to some operations,
> > > in particular to attach and detach queues.
> > >
> > > The assumption always was that this operation is safe
> > > and can't make kernel run out of resources.
> >
> > This creates a rather ridiculous situation in my opinion.
> >
> > Configuring a network device is a privileged operation, the daemon
> > should be setting this thing up.
> >
> > In no other context would we have to worry about something like this.
>
> Right. Jason corrected me. I got it wrong:
> what qemu does is TUNSETQUEUE and that needs to get a queue
> that's already initialized by the daemon.
>
> To create new queues daemon calls TUNSETIFF,
> and that already can be used to create new devices,
> so it's a privileged operation.
>
> This means it's safe to just drop the restriction,
> exactly as you suggested originally.

I will drop patch2 to add sysctl entry and will send a v2 with other patches.

Thanks,
Pankaj

> --
> MST