From: Michal Privoznik
To: libvir-list@redhat.com
Cc: sbrivio@redhat.com, passt-dev@passt.top
Subject: [PATCH 4/4] qemu_passt: Don't let passt fork off
Date: Tue, 14 Feb 2023 12:51:22 +0100
Message-Id: <5abfc412e4692a38e980c8dc600e1bfbd03ddcfd.1676374699.git.mprivozn@redhat.com>

When passt starts it tries to do some security measures to
restrict itself. For instance, it creates its own namespaces,
umounts basically everything, drops capabilities, forks off to
further restrict itself (the child is where all interesting work
takes place now). This is sound, except it's causing two
problems:

1) the PID file FD, which we leak into the passt process, gets
   closed (and thus our virPidFile*() helpers see unlocked PID
   file, which makes them think the process is gone),

2) the PID file no longer reflects true PID of the process.

Worse, the child calls setsid() so we can't even kill the whole
process group. I mean, we can but it won't be any good.

Fortunately, passt has '--foreground' argument, which causes it
to undergo the same security measures but without forking off the
child. This in turn means, that the PID file FD won't get closed
and the PID file itself contains the correct PID.

Signed-off-by: Michal Privoznik
---
 src/qemu/qemu_passt.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/qemu/qemu_passt.c b/src/qemu/qemu_passt.c index 78830fdc26..441cfe87e8 100644 --- a/src/qemu/qemu_passt.c +++ b/src/qemu/qemu_passt.c @@ -159,6 +159,7 @@ qemuPasstStart(virDomainObj *vm, virCommandDaemonize(cmd); =20 virCommandAddArgList(cmd, + "--foreground", "--one-off", "--socket", passtSocketName, "--mac-addr", virMacAddrFormat(&net->mac, macaddr= ), --=20 2.39.1
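
Review bot: the added "--foreground" argument in qemuPasstStart() sits directly below the unchanged virCommandDaemonize(cmd); call with no comment, so the next reader sees a command that is daemonized by libvirt and told to stay in the foreground at the same time. Please add a short code comment above the argument giving the reason from the commit message: passt must not fork, so that the PID file FD stays open in the process libvirt started and the PID file holds that process's PID. Since the commit message lists the fork as one of passt's self-restriction steps, it would also help to state there explicitly which of those steps still run with '--foreground', so the isolation trade-off is on record with the change.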