On 04/18/2013 11:35 AM, Laine Stump wrote: >> +# Path to the setuid helper for creating tap devices. This executable >> +# is used to create <source type='bridge'> interfaces when libvirtd is >> +# running unprivileged. libvirt invokes the helper directly, instead >> +# of using "-netdev bridge", for security reasons. >> +#bridge_helper = "/usr/libexec/qemu-bridge-helper" >> + >> + > > Are we sure we want to allow this to be configured? That could lead to > some "interesting" troubleshooting incidents :-) About the only time it would be configured is if qemu is installed in an alternate location. > > On the other hand, I guess the path to qemu itself is right there in the > domain config file, so how much worse could this be... Yeah, sometimes we've got to just trust the user to not be insane. > > ACK. (But I'd like at least one other ACK from someone else due to the > fact that this is polluting the config namespace with something we would > like to eventually eliminate.) Even if we add a way for libvirt to get the tap device without depending on qemu's helper program, we'll have to leave the config item present (so we don't reject an older .conf file as invalid), but we can then ignore the entry at that point. I can live with this change going in, so I agree with your ACK, and have pushed it. -- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org
Attachment:
signature.asc
Description: OpenPGP digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list