Re: [PATCH 1/3] Attempt to load tun module on tap add error


On 08/05/10 - 02:12:36PM, Doug Goldstein wrote:
> When attempting to add a tap device, the error message is fairly cryptic
> as to what really happened. If possible, try to load the tun module and
> then try again to add the tap device again to improve the user
> experience.
> 
> Signed-off-by: Doug Goldstein <cardoe@xxxxxxxxxx>
> ---
>  src/util/bridge.c |   21 +++++++++++++++++++--
>  1 files changed, 19 insertions(+), 2 deletions(-)
> 
> diff --git a/src/util/bridge.c b/src/util/bridge.c
> index 7d0caae..ca4bcc9 100644
> --- a/src/util/bridge.c
> +++ b/src/util/bridge.c
> @@ -486,12 +486,29 @@ brAddTap(brControl *ctl,
>  {
>      int fd;
>      struct ifreq ifr;
> +    const char * const argv[] = { "modprobe", "tun", NULL };
> +    int err, exitstatus = 0;
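
Review bot: the new argv at the top of brAddTap() names a bare "modprobe", so if it is executed with a PATH lookup, the binary that runs with the daemon's privileges depends on the daemon's environment. Use an absolute path fixed at build time instead. Since the commit message gives the cryptic error as the motivation, also consider reporting a clearer error when the tap add fails rather than spawning a helper from this function. The err and exitstatus locals are declared at function scope although the description suggests only the retry path needs them, so narrowing their scope to that path would make the intent easier to follow.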

Hm, I can't say I like this.  Libvirt really shouldn't be in the business
of loading kernel modules (I know, we actually do this in the pci passthrough
code, but I don't think we should).  Besides being pretty gross, this will
cause havoc with security policies (like SELinux): you'll need to make the
security module allow libvirtd the ability to modprobe any module, which means
that any flaw in libvirtd turns into a possible system-wide compromise.

-- 
Chris Lalancette
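
An added example, not part of the original message and not libvirt code: one way to replace the cryptic tap-add failure with a clear diagnostic without executing modprobe, by probing the TUN control node and classifying the errno. All function and enum names are hypothetical, and the errno-to-cause mapping assumes Linux behaviour for /dev/net/tun.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical names throughout; this is not libvirt code. */
enum tun_status { TUN_OK, TUN_NODE_MISSING, TUN_DRIVER_MISSING, TUN_DENIED, TUN_OTHER };

/* Map the errno from open() on the TUN control node to a likely cause. */
enum tun_status tun_classify(int err)
{
    switch (err) {
    case 0:      return TUN_OK;
    case ENOENT: return TUN_NODE_MISSING;   /* no device node at that path */
    case ENODEV:
    case ENXIO:  return TUN_DRIVER_MISSING; /* node exists, no driver behind it */
    case EACCES:
    case EPERM:  return TUN_DENIED;         /* file mode or security policy */
    default:     return TUN_OTHER;
    }
}

/* Probe the control node without creating an interface and without
 * executing any helper, so the caller needs no module-loading privilege. */
enum tun_status tun_probe(const char *path)
{
    int fd = open(path, O_RDWR);
    int saved = errno;              /* only meaningful when open() failed */
    if (fd < 0)
        return tun_classify(saved);
    close(fd);
    return TUN_OK;
}

/* Message for the administrator, who decides whether to load the module. */
const char *tun_hint(enum tun_status st)
{
    switch (st) {
    case TUN_OK:             return "TUN/TAP control device is usable";
    case TUN_NODE_MISSING:   return "device node missing; is the tun module loaded?";
    case TUN_DRIVER_MISSING: return "tun driver not available; load the tun module";
    case TUN_DENIED:         return "access denied; check file mode and security policy";
    default:                 return "unexpected error opening the TUN/TAP device";
    }
}

int main(void)
{
    const char *path = "/dev/net/tun";
    enum tun_status st = tun_probe(path);
    printf("%s: %s\n", path, tun_hint(st));
    return st == TUN_OK ? 0 : 1;
}
```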
