virt-ark / libvirt

Clone
Source Code
GIT

f4f1d18 qemu: fail on attempts to use <filterref> for non-tap network connections

Authored and Committed by Laine Stump 8 years ago
raw patch tree parent
2 files changed. 22 lines added. 0 lines removed.
src/qemu/qemu_command.c
file modified
+11 -0
src/qemu/qemu_hotplug.c
file modified
+11 -0 
    qemu: fail on attempts to use <filterref> for non-tap network connections
    
    nwfilter uses iptables and ebtables, which only work properly on
    tap-based network connections (*not* on macvtap, for example), but we
    just ignore any <filterref> elements for other types of networks,
    potentially giving users a false sense of security.
    
    This patch checks the network type and fails/logs an error if any
    domain <interface> has a <filterref> when the connection isn't using a
    tap device.
    
    This resolves:
    
      https://bugzilla.redhat.com/show_bug.cgi?id=1180011
file modified
+11 -0
file modified
+11 -0
Powered by Pagure 5.14.1
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.