diff options
author | Mikko Rapeli <mikko.rapeli@linaro.org> | 2022-11-14 17:50:38 +0200 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-11-20 08:29:07 +0000 |
commit | aa3cb188b853c3ecec1a3c9a141da1e71f7604e5 (patch) | |
tree | fa9e7fe9f8879f09f072403e27c4f82b3d5b669b | |
parent | 248180ab2dea6af92c93f6c26e0da6d1a4445ae5 (diff) | |
download | poky-aa3cb188b853c3ecec1a3c9a141da1e71f7604e5.tar.gz |
runqemu: limit slirp host port forwarding to localhost 127.0.0.1
With default slirp port forwarding config qemu listens on TCP ports
2222 and 2323 on all IP addresses available on the build host. Most
use cases with runqemu only need it for localhost and it is not
safe to run qemu images with root login without password enabled
and listening on all available, possibly Internet reachable network
interfaces. Limit qemu port forwarding to localhost 127.0.0.1 IP
address. Now qemu machine SSH and telnet ports are only
reachable from the build host machine, not full Internet.
If qemu machine needs to be reachable from network, then it can
be enabled via local.conf or machine config variable QB_SLIRP_OPT:
QB_SLIRP_OPT = "-netdev user,id=net0,hostfwd=tcp::2222-:22"
(From OE-Core rev: c6b1e3d50bf2feea80b70a42c6fad868fa9e6042)
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rwxr-xr-x | scripts/runqemu | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/scripts/runqemu b/scripts/runqemu index a6ea578564..7bd9465593 100755 --- a/scripts/runqemu +++ b/scripts/runqemu | |||
@@ -1071,7 +1071,7 @@ class BaseConfig(object): | |||
1071 | logger.info("Network configuration:%s", netconf) | 1071 | logger.info("Network configuration:%s", netconf) |
1072 | self.kernel_cmdline_script += netconf | 1072 | self.kernel_cmdline_script += netconf |
1073 | # Port mapping | 1073 | # Port mapping |
1074 | hostfwd = ",hostfwd=tcp::2222-:22,hostfwd=tcp::2323-:23" | 1074 | hostfwd = ",hostfwd=tcp:127.0.0.1:2222-:22,hostfwd=tcp:127.0.0.1:2323-:23" |
1075 | qb_slirp_opt_default = "-netdev user,id=net0%s,tftp=%s" % (hostfwd, self.get('DEPLOY_DIR_IMAGE')) | 1075 | qb_slirp_opt_default = "-netdev user,id=net0%s,tftp=%s" % (hostfwd, self.get('DEPLOY_DIR_IMAGE')) |
1076 | qb_slirp_opt = self.get('QB_SLIRP_OPT') or qb_slirp_opt_default | 1076 | qb_slirp_opt = self.get('QB_SLIRP_OPT') or qb_slirp_opt_default |
1077 | # Figure out the port | 1077 | # Figure out the port |