On 03.08.2012 22:33, rmarwah@xxxxxxxxxxxxxxxxxx wrote: > From: Richa Marwaha <rmarwah@xxxxxxxxxxxxxxxxxx> > > QEMU has a new feature which allows QEMU to execute under an unprivileged user ID and still be able to > add a tap device to a Linux network bridge. Below is the link to the QEMU patches for the bridge helper > feature: > > http://lists.gnu.org/archive/html/qemu-devel/2012-01/msg03562.html > > The existing libvirt tap network device support for adding a tap device to a bridge (-netdev tap) works > only when connected to a libvirtd instance running as the privileged system account 'root'. > When connected to a libvirtd instance running as an unprivileged user (ie. using the session URI) creation of > the tap device fails as follows: > > error: Failed to start domain F14_64 error: Unable to create tap device vnet%d: Operation not permitted > > With this support, creating a tap device in the above scenario will be possible. Additionally, hot attaching > a tap device to a bridge while running when connected to a libvirtd instance running as an unprivileged user > will be possible. > > Richa Marwaha (3): > Add -netdev bridge capabilities > Add -netdev bridge support > apparmor: QEMU bridge helper policy updates > > AUTHORS | 1 + > examples/apparmor/libvirt-qemu | 21 ++++++++++++++- > src/qemu/qemu_capabilities.c | 13 ++++++--- > src/qemu/qemu_capabilities.h | 1 + > src/qemu/qemu_command.c | 57 +++++++++++++++++++++++++++++---------- > src/qemu/qemu_command.h | 2 + > src/qemu/qemu_hotplug.c | 31 ++++++++++++++------- > tests/qemuhelptest.c | 3 +- > 8 files changed, 98 insertions(+), 31 deletions(-) > So I've went ahead, reviewed, ACKed and pushed whole series. I suggest is worth adding some kind of documentation (either a wiki page, or mention it somewhere in docs/ docs/drvqemu.html.in perhaps?) - how to set up bridge-helper. But I am okay if that's a follow up patch. It's not a show stopper after all. Michal -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list