aboutsummaryrefslogtreecommitdiff
path: root/configure
diff options
context:
space:
mode:
authorKevin Wolf <kwolf@redhat.com>2021-07-09 18:41:41 +0200
committerKevin Wolf <kwolf@redhat.com>2021-07-20 13:14:45 +0200
commite5f05f8c375157211c7da625a0d3f3ccdb4957d5 (patch)
treefc5592f27a8f5b0379f82395e153ce085e91df1c /configure
parentd44dae1a7cf782ec9235746ebb0e6c1a20dd7288 (diff)
block: Add option to use driver whitelist even in tools
Currently, the block driver whitelists are only applied for the system emulator. All other binaries still give unrestricted access to all block drivers. There are use cases where this made sense because the main concern was avoiding customers running VMs on less optimised block drivers and getting bad performance. Allowing the same image format e.g. as a target for 'qemu-img convert' is not a problem then. However, if the concern is the supportability of the driver in general, either in full or when used read-write, not applying the list driver whitelist in tools doesn't help - especially since qemu-nbd and qemu-storage-daemon now give access to more or less the same operations in block drivers as running a system emulator. In order to address this, introduce a new configure option that enforces the driver whitelist in all binaries. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Message-Id: <20210709164141.254097-1-kwolf@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Diffstat (limited to 'configure')
-rwxr-xr-xconfigure14
1 files changed, 12 insertions, 2 deletions
diff --git a/configure b/configure
index 63f38fa94c..232c54dcc1 100755
--- a/configure
+++ b/configure
@@ -243,6 +243,7 @@ cross_prefix=""
audio_drv_list=""
block_drv_rw_whitelist=""
block_drv_ro_whitelist=""
+block_drv_whitelist_tools="no"
host_cc="cc"
audio_win_int=""
libs_qga=""
@@ -1016,6 +1017,10 @@ for opt do
;;
--block-drv-ro-whitelist=*) block_drv_ro_whitelist=$(echo "$optarg" | sed -e 's/,/ /g')
;;
+ --enable-block-drv-whitelist-in-tools) block_drv_whitelist_tools="yes"
+ ;;
+ --disable-block-drv-whitelist-in-tools) block_drv_whitelist_tools="no"
+ ;;
--enable-debug-tcg) debug_tcg="yes"
;;
--disable-debug-tcg) debug_tcg="no"
@@ -1800,10 +1805,12 @@ Advanced options (experts only):
--block-drv-whitelist=L Same as --block-drv-rw-whitelist=L
--block-drv-rw-whitelist=L
set block driver read-write whitelist
- (affects only QEMU, not qemu-img)
+ (by default affects only QEMU, not tools like qemu-img)
--block-drv-ro-whitelist=L
set block driver read-only whitelist
- (affects only QEMU, not qemu-img)
+ (by default affects only QEMU, not tools like qemu-img)
+ --enable-block-drv-whitelist-in-tools
+ use block whitelist also in tools instead of only QEMU
--enable-trace-backends=B Set trace backend
Available backends: $trace_backend_list
--with-trace-file=NAME Full PATH,NAME of file to store traces
@@ -4583,6 +4590,9 @@ if test "$audio_win_int" = "yes" ; then
fi
echo "CONFIG_BDRV_RW_WHITELIST=$block_drv_rw_whitelist" >> $config_host_mak
echo "CONFIG_BDRV_RO_WHITELIST=$block_drv_ro_whitelist" >> $config_host_mak
+if test "$block_drv_whitelist_tools" = "yes" ; then
+ echo "CONFIG_BDRV_WHITELIST_TOOLS=y" >> $config_host_mak
+fi
if test "$xfs" = "yes" ; then
echo "CONFIG_XFS=y" >> $config_host_mak
fi