Re: [Patch v3 0/3] Add QEMU network helper support

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


Quoting Michal Privoznik <mprivozn@xxxxxxxxxx>:


On 03.08.2012 22:33, rmarwah@xxxxxxxxxxxxxxxxxx wrote:

From: Richa Marwaha <rmarwah@xxxxxxxxxxxxxxxxxx>
QEMU has a new feature which allows QEMU to execute under an unprivileged user ID and still be able to add a tap device to a Linux network bridge. Below is the link to the QEMU patches for the bridge helper 
feature:

http://lists.gnu.org/archive/html/qemu-devel/2012-01/msg03562.html
The existing libvirt tap network device support for adding a tap device to a bridge (-netdev tap) works only when connected to a libvirtd instance running as the privileged system account 'root'. When connected to a libvirtd instance running as an unprivileged user (ie. using the session URI) creation of 
the tap device fails as follows:
error: Failed to start domain F14_64 error: Unable to create tap device vnet%d: Operation not permitted
With this support, creating a tap device in the above scenario will be possible. Additionally, hot attaching a tap device to a bridge while running when connected to a libvirtd instance running as an unprivileged user 
will be possible.

Richa Marwaha (3):
  Add -netdev bridge capabilities
  Add -netdev bridge support
  apparmor: QEMU bridge helper policy updates

 AUTHORS                        |    1 +
 examples/apparmor/libvirt-qemu |   21 ++++++++++++++-
 src/qemu/qemu_capabilities.c   |   13 ++++++---
 src/qemu/qemu_capabilities.h   |    1 +
src/qemu/qemu_command.c | 57 +++++++++++++++++++++++++++++---------- 
 src/qemu/qemu_command.h        |    2 +
 src/qemu/qemu_hotplug.c        |   31 ++++++++++++++-------
 tests/qemuhelptest.c           |    3 +-
 8 files changed, 98 insertions(+), 31 deletions(-)



So I've went ahead, reviewed, ACKed and pushed whole series.
I suggest is worth adding some kind of documentation (either a wiki
page, or mention it somewhere in docs/ docs/drvqemu.html.in perhaps?) -
how to set up bridge-helper. But I am okay if that's a follow up patch.
It's not a show stopper after all.
Thanks a lot Michal for reviewing n pushing the patches. We have the following wiki 
which gives the information on how to set up bridge-helper

http://wiki.qemu.org/Features/HelperNetworking

Regards
Richa

Michal




--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]