On 08/06/2012 10:56 AM, Michal Privoznik wrote: > On 03.08.2012 22:33, rmarwah@xxxxxxxxxxxxxxxxxx wrote: >> From: Richa Marwaha <rmarwah@xxxxxxxxxxxxxxxxxx> >> >> QEMU has a new feature which allows QEMU to execute under an unprivileged user ID and still be able to >> add a tap device to a Linux network bridge. >> [...] > So I've went ahead, reviewed, ACKed and pushed whole series. > I suggest is worth adding some kind of documentation (either a wiki > page, or mention it somewhere in docs/ docs/drvqemu.html.in perhaps?) - > how to set up bridge-helper. Yes, it's a bit odd to figure out the right place to document it, since there is no setup done within libvirt - libvirt just silently takes advantage of it if it's there. By the way, I had earlier expressed concern about the eventuality that we support bridged networking for non-privileged users directly within libvirt (via a separate libvirt-networkd and policykit), and the case where someone had a working config using the qemu helper - I was worried that this person's setup might stop working as a result of the upgrade which changed to the newer method of setting up the network (e.g. if something needed to be configured to allow that user access via policykit, and hadn't been done yet). Since then I've realized that we can handle that problem by continuing to fall back to the qemu helper when this (for now mythical) new method fails. That removes my only concern about this series. Another issue though - a patch for AppArmor has been included, but I'm unclear of whether this needs something done for selinux (either in libvirt itself, or in selinux-policy). Does somebody have the updated qemu installed on a system with selinux enabled, and could you give it a try? -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list