Hi, On Thu, Nov 17, 2022 at 02:17:13PM +0100, Quentin Schulz wrote: > Hi Mikko, > > On 11/14/22 16:50, Mikko Rapeli wrote: > > With default slirp port forwarding config qemu listens on TCP ports > > 2222 and 2323 on all IP addresses available on the build host. Most > > use cases with runqemu only need it for localhost and it is not > > safe to run qemu images with root login without password enabled > > and listening on all available, possibly Internet reachable network > > interfaces. Limit qemu port forwarding to localhost 127.0.0.1 IP > > address. Now qemu machine SSH and telnet ports are only > > reachable from the build host machine, not full Internet. > > > > If qemu machine needs to be reachable from network, then it can > > be enabled via local.conf or machine config variable QB_SLIRP_OPT: > > > > QB_SLIRP_OPT = "-netdev user,id=net0,hostfwd=tcp::2222-:22" > > > > Signed-off-by: Mikko Rapeli <[email protected]> > > --- > > scripts/runqemu | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/scripts/runqemu b/scripts/runqemu > > index a6ea578564..7bd9465593 100755 > > --- a/scripts/runqemu > > +++ b/scripts/runqemu > > @@ -1071,7 +1071,7 @@ class BaseConfig(object): > > logger.info("Network configuration:%s", netconf) > > self.kernel_cmdline_script += netconf > > # Port mapping > > - hostfwd = ",hostfwd=tcp::2222-:22,hostfwd=tcp::2323-:23" > > + hostfwd = > > ",hostfwd=tcp:127.0.0.1:2222-:22,hostfwd=tcp:127.0.0.1:2323-:23" > > With the additional knowledge we gathered in the last patches, I believe it > would be a good thing to say a few words/update the documentation. > > See > https://lore.kernel.org/yocto-docs/[email protected]/T/#t > for a patch I believe might make it to master soon? I think we should say > what the default value entails (even if this patch isnt' taken) and maybe > point/refer to the QEMU documentation for the meaning of options in > QB_SLIRP_OPT. I believe some/all of options listed > https://www.qemu.org/docs/master/system/invocation.html are possible? > > What do you think?
Yes, I agree, and saw that change too. I'll try to document this once change gets integrated. Cheers, -Mikko > Cheers, > Quentin
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#173424): https://lists.openembedded.org/g/openembedded-core/message/173424 Mute This Topic: https://lists.openembedded.org/mt/95021917/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
