Re: [pve-devel] [RFC PATCH] add kiosk option to vm
On 02/09/2018 03:23 PM, Dietmar Maurer wrote: with my patch as it is, only root can change the option afaics there is no option to set the target file (at least not on the commandline) only 'TMPDIR' via an environment variable (but i guess this is not what we want since it changes the location of all tmpfiles of qemu) I always rejected this kiosk mode because we found no clean solution. One idea was to use storage snapshots, and rollback at start... but we actually have it already in? i just have to set 'snapshot=on' on every disk and have the same behavior, adding the 'kiosk' config is just convenience ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] [RFC PATCH] add kiosk option to vm
> with my patch as it is, only root can change the option > > afaics there is no option to set the target file (at least not on the > commandline) only 'TMPDIR' via an environment variable (but i guess this > is not what we want since it changes the location of all tmpfiles of qemu) I always rejected this kiosk mode because we found no clean solution. One idea was to use storage snapshots, and rollback at start... ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] [RFC PATCH] add kiosk option to vm
On 02/09/2018 09:57 AM, Fabian Grünbichler wrote: On Thu, Feb 08, 2018 at 03:39:36PM +0100, Dominik Csapak wrote: this adds a 'kiosk' option, which enables qemus snapshot mode, which redirects all writes to a temporary file, so that if you stop the qemu process, the disks are in their original state Signed-off-by: Dominik Csapak --- the only possible pitfall with this mode is that the temporary writes go on a file on (i think) /var/tmp which in our case means the root partition could get full, but since we can already enable this option per disk, i guess this is not an issue IMHO this warrants some kind of permission checks, since it is an easy DoS vector? or if it is possible to redirect this somehow, we could make the feature more powerful and allocate a kiosk volume on a configured storage with a configured size, and use that as "scratch space"? with my patch as it is, only root can change the option afaics there is no option to set the target file (at least not on the commandline) only 'TMPDIR' via an environment variable (but i guess this is not what we want since it changes the location of all tmpfiles of qemu) PVE/QemuServer.pm | 10 ++ 1 file changed, 10 insertions(+) diff --git a/PVE/QemuServer.pm b/PVE/QemuServer.pm index 20d6682..28a0f19 100644 --- a/PVE/QemuServer.pm +++ b/PVE/QemuServer.pm @@ -532,6 +532,12 @@ EODESCR description => "Select BIOS implementation.", default => 'seabios', }, +kiosk => { + optional => 1, + type => 'boolean', + default => 0, + description => "If activated, writes to the disks of the VM will be temporary, and will be lost when stopping the VM." +} }; # what about other qemu settings ? @@ -3401,6 +3407,10 @@ sub config_to_command { } } +if ($conf->{kiosk}) { + push @$cmd, '-snapshot'; +} + # add custom args if ($conf->{args}) { my $aa = PVE::Tools::split_args($conf->{args}); -- 2.11.0 ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] [RFC PATCH] add kiosk option to vm
On Thu, Feb 08, 2018 at 03:39:36PM +0100, Dominik Csapak wrote: > this adds a 'kiosk' option, which enables qemus snapshot > mode, which redirects all writes to a temporary file, so > that if you stop the qemu process, the disks are in their original state > > Signed-off-by: Dominik Csapak > --- > the only possible pitfall with this mode is that the temporary writes > go on a file on (i think) /var/tmp which in our case means the > root partition could get full, but since we can already enable this > option per disk, i guess this is not an issue IMHO this warrants some kind of permission checks, since it is an easy DoS vector? or if it is possible to redirect this somehow, we could make the feature more powerful and allocate a kiosk volume on a configured storage with a configured size, and use that as "scratch space"? > > PVE/QemuServer.pm | 10 ++ > 1 file changed, 10 insertions(+) > > diff --git a/PVE/QemuServer.pm b/PVE/QemuServer.pm > index 20d6682..28a0f19 100644 > --- a/PVE/QemuServer.pm > +++ b/PVE/QemuServer.pm > @@ -532,6 +532,12 @@ EODESCR > description => "Select BIOS implementation.", > default => 'seabios', > }, > +kiosk => { > + optional => 1, > + type => 'boolean', > + default => 0, > + description => "If activated, writes to the disks of the VM will be > temporary, and will be lost when stopping the VM." > +} > }; > > # what about other qemu settings ? > @@ -3401,6 +3407,10 @@ sub config_to_command { > } > } > > +if ($conf->{kiosk}) { > + push @$cmd, '-snapshot'; > +} > + > # add custom args > if ($conf->{args}) { > my $aa = PVE::Tools::split_args($conf->{args}); > -- > 2.11.0 > > > ___ > pve-devel mailing list > pve-devel@pve.proxmox.com > https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel