imgedit.py: do not open a port to the entire world

Since commit 464f4e0, imgedit.py opens runs qemu-nbd on a random port,
but qemu-nbd needlessly listens to all interfaces - including potentially
to connections from the outside world. While the practical risk is minimal
(imgedit.py runs for very short duration), there is no need to take it at
all - qemu-nbd should only listen to the 127.0.0.1 interface (see issue #709).

And in turn, imgedit.py should contact 127.0.0.1 and not rely on the
alias "localhost" working for ipv4 (see issue #534).

Signed-off-by: Nadav Har'El <[email protected]>
Message-Id: <[email protected]>

Author: nyh

scripts/imgedit.py

@@ -59,11 +59,11 @@ def __init__(self, filename):
         self._buf = None
         self._closed = True
         nbd_port = randint(10809, 20809)
-        self._process = subprocess.Popen(["qemu-nbd", "-p", str(nbd_port)] + fileformat + [filename], shell=False, stdout=_devnull)
+        self._process = subprocess.Popen(["qemu-nbd", "-b", "127.0.0.1", "-p", str(nbd_port)] + fileformat + [filename], shell=False, stdout=_devnull)
         # wait for qemu-nbd to start: this thing doesn't tell anything on stdout
         while True:
             try:
-                self._client = nbd_client("localhost", nbd_port)
+                self._client = nbd_client("127.0.0.1", nbd_port)
                 break
             except:
                 if self._process.poll() != None: