On Thu, Nov 12, 2009 at 8:20 PM, Daniel P. Berrange <berrange@xxxxxxxxxx> wrote: > On Tue, Nov 10, 2009 at 07:03:53PM +0900, Ryota Ozaki wrote: >> Hi, >> >> I have a question about interface script (e.g., qemu-ifup) for qemu/kvm. >> qemu/kvm is dropped its all capabilities by libcap-ng before executed. >> So the script that is executed by qemu/kvm will fail if it executes >> privileged operations which are usual jobs of it. >> >> It means we cannot use <script> anymore? or I'm missing something? > > That is correct. > >> I think executing the script in libvirtd after creating a tap and before >> dropping capabilities would be a solution for that issue. Am I wrong? > > If we want to keep the 'script' capability, then that is pretty much the > only option I see. Personally though I'd rather people never used the > script capability because its an opaque blackbox doing who knows what Honestly said, I was so ;-) but now I want to incorporate external networking tools like Open vSwitch and such tools require own special command to connect a tap with their bridge-like interface. Then I first attempted 'script' feature and got the problem. I think another way is that libvirt supports such tools inside like ebtables. Is it appreciate to libvirt? If so, I'm welcome to do that. Thanks, ozaki-r > > Regards, > Daniel > -- > |: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :| > |: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :| > |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| > |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :| > -- Libvir-list mailing list Libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list