Re: [PATCH 3/5] qemu_conf: add new configuration key bridge_helper

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 04/18/2013 11:35 AM, Laine Stump wrote:

>> +# Path to the setuid helper for creating tap devices.  This executable
>> +# is used to create <source type='bridge'> interfaces when libvirtd is
>> +# running unprivileged.  libvirt invokes the helper directly, instead
>> +# of using "-netdev bridge", for security reasons.
>> +#bridge_helper = "/usr/libexec/qemu-bridge-helper"
>> +
>> +
> 
> Are we sure we want to allow this to be configured? That could lead to
> some "interesting" troubleshooting incidents :-)

About the only time it would be configured is if qemu is installed in an
alternate location.

> 
> On the other hand, I guess the path to qemu itself is right there in the
> domain config file, so how much worse could this be...

Yeah, sometimes we've got to just trust the user to not be insane.

> 
> ACK. (But I'd like at least one other ACK from someone else due to the
> fact that this is polluting the config namespace with something we would
> like to eventually eliminate.)

Even if we add a way for libvirt to get the tap device without depending
on qemu's helper program, we'll have to leave the config item present
(so we don't reject an older .conf file as invalid), but we can then
ignore the entry at that point.  I can live with this change going in,
so I agree with your ACK, and have pushed it.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list

[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]