@@ -1945,6 +1945,30 @@ shows the decimal value. For non-linear mode, it shows hexadecimal value.
=back
+=head1 ENVIRONMENT
+
+=over 4
+
+=item B<LIBXL_DISK_BACKEND_UNTRUSTED>
+
+Use B<trusted> or B<untrusted> from L<xl-disk-configuration(5)> instead for a
+more fine grain setting.
+
+This environment variable allows to changed the default value of B<trusted>;
+if it is set to "1", the default will be B<untrusted>; if the variable is
+absent or set to "0", the default will be B<trusted>.
+
+=item B<LIBXL_NIC_BACKEND_UNTRUSTED>
+
+Use B<trusted> / B<untrusted> from L<xl-network-configuration(5)> instead for a
+more fine grain setting.
+
+This environment variable allows to changed the default value of B<trusted>;
+if it is set to "1", the default will be B<untrusted>; if the variable is
+absent or set to "0", the default will be B<trusted>.
+
+=back
+
=head1 IGNORED FOR COMPATIBILITY WITH XM
xl is mostly command-line compatible with the old xm utility used with
@@ -155,11 +155,15 @@ static int libxl__device_disk_setdefault(libxl__gc *gc, uint32_t domid,
libxl_device_disk *disk, bool hotplug)
{
int rc;
+ const char *envvar;
libxl_defbool_setdefault(&disk->discard_enable, !!disk->readwrite);
libxl_defbool_setdefault(&disk->colo_enable, false);
libxl_defbool_setdefault(&disk->colo_restore_enable, false);
- libxl_defbool_setdefault(&disk->trusted, true);
+
+ envvar = getenv("LIBXL_DISK_BACKEND_UNTRUSTED");
+ /* Default to trusted if envvar missing or is "0". */
+ libxl_defbool_setdefault(&disk->trusted, !envvar || !strcmp("0", envvar));
rc = libxl__resolve_domid(gc, disk->backend_domname, &disk->backend_domid);
if (rc < 0) return rc;
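Review bot: The test `!envvar || !strcmp("0", envvar)` treats every value other than exactly "0" as untrusted, including the empty string and strings such as "false", while the man page text added in this commit only defines "0" and "1". Failing toward the stricter setting looks like the right direction for XSA-403, but the comment should state it so nobody later "fixes" the parse the other way: `/* Default to trusted if envvar missing or is "0"; any other value, including "", selects untrusted. */`. The same expression and comment appear in the second libxl_nic.c hunk for LIBXL_NIC_BACKEND_UNTRUSTED. libxl__device_disk_setdefault continues past the end of this hunk.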
@@ -59,6 +59,7 @@ static int libxl__device_nic_setdefault(libxl__gc *gc, uint32_t domid,
libxl_device_nic *nic, bool hotplug)
{
int rc;
+ const char *envvar;
if (!nic->mtu)
nic->mtu = LIBXL_DEVICE_NIC_MTU_DEFAULT;
@@ -116,7 +117,9 @@ static int libxl__device_nic_setdefault(libxl__gc *gc, uint32_t domid,
abort();
}
- libxl_defbool_setdefault(&nic->trusted, true);
+ envvar = getenv("LIBXL_NIC_BACKEND_UNTRUSTED");
+ /* Default to trusted if envvar missing or is "0". */
+ libxl_defbool_setdefault(&nic->trusted, !envvar || !strcmp("0", envvar));
return rc;
}
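Review bot: The getenv/strcmp parse feeding `libxl_defbool_setdefault(&nic->trusted, ...)` is a copy of the one in libxl__device_disk_setdefault, so the two rules for what counts as untrusted can drift apart in later edits. A small static-inline helper in a shared internal header (name is only a suggestion), with body `const char *v = getenv(name); return !v || !strcmp("0", v);`, would leave one parse rule and one comment for both devices, called here as `libxl_defbool_setdefault(&nic->trusted, backend_trusted_default("LIBXL_NIC_BACKEND_UNTRUSTED"));`. The function starts outside this hunk, so whether `rc` or earlier defaults interact with this line cannot be checked from here.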
This is a forward port of "tools/libxl: env variable to signal whether disk/nic backend is trusted", to allow the environment variable to still work when upgrading from 4.16 or earlier. Introduce support in libxl for fetching the default backend trusted option for disk and nic devices. This is part of XSA-403. Signed-off-by: Anthony PERARD <anthony.perard@citrix.com> --- docs/man/xl.1.pod.in | 24 ++++++++++++++++++++++++ tools/libs/light/libxl_disk.c | 6 +++++- tools/libs/light/libxl_nic.c | 5 ++++- 3 files changed, 33 insertions(+), 2 deletions(-)