On Sat, Apr 20, 2013 at 11:11:25AM +0200, Paolo Bonzini wrote:
> <source type='bridge'> uses a helper application to do the necessary
> TUN/TAP setup to use an existing network bridge, thus letting
> unprivileged users use TUN/TAP interfaces.
>
> However, libvirt should be preventing QEMU from running any setuid
> programs at all, which would include this helper program. From
> a security POV, any setuid helper needs to be run by libvirtd itself,
> not QEMU.
>
> This is what this patch does. libvirt now invokes the setuid helper,
> gets the TAP fd and then passes it to QEMU in the normal manner.
> The path to the helper is specified in qemu.conf.
>
> As a small advantage, this adds a <target dev='tap0'/> element to the
> XML of an active domain using <interface type='bridge'>.

That's very good because it allows the network interfaces stats API to work.

> Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
> ---
>  src/qemu/qemu_command.c | 133 +++++++++++++++++++++++++++++++++++-------------
>  src/qemu/qemu_command.h |   1 -
>  src/qemu/qemu_hotplug.c |  25 +++------
>  3 files changed, 106 insertions(+), 53 deletions(-)

ACK

Daniel
--
|: http://berrange.com  -o-  http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org   -o-   http://virt-manager.org :|
|: http://autobuild.org  -o-  http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org  -o-  http://live.gnome.org/gtk-vnc :|

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
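The hand-off the patch description relies on (libvirtd obtains the TAP fd from the setuid helper and passes it on to QEMU, so QEMU itself never executes a setuid binary) is done by sending the descriptor over a Unix socket with SCM_RIGHTS. The C below is an added illustration of that mechanism, not libvirt's or QEMU's own code; it assumes the helper and the receiver share a socketpair, and the round-trip function plays both sides inside one process with a pipe standing in for the TAP device.

```c
#include <string.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <unistd.h>

/* Send fd over a Unix socket as SCM_RIGHTS; 0 on success, -1 on error. */
int send_fd(int sock, int fd)
{
    char byte = 0, cbuf[CMSG_SPACE(sizeof(int))];   /* one data byte is mandatory */
    struct iovec iov = { &byte, 1 };
    struct msghdr msg; struct cmsghdr *cm;
    memset(&msg, 0, sizeof(msg)); memset(cbuf, 0, sizeof(cbuf));
    msg.msg_iov = &iov; msg.msg_iovlen = 1;
    msg.msg_control = cbuf; msg.msg_controllen = sizeof(cbuf);
    cm = CMSG_FIRSTHDR(&msg);
    cm->cmsg_level = SOL_SOCKET;
    cm->cmsg_type = SCM_RIGHTS;
    cm->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(cm), &fd, sizeof(int));
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* Receive one fd; the kernel installs a fresh descriptor in this process. */
int recv_fd(int sock)
{
    char byte, cbuf[CMSG_SPACE(sizeof(int))];
    struct iovec iov = { &byte, 1 };
    struct msghdr msg; struct cmsghdr *cm;
    int fd;
    memset(&msg, 0, sizeof(msg));
    msg.msg_iov = &iov; msg.msg_iovlen = 1;
    msg.msg_control = cbuf; msg.msg_controllen = sizeof(cbuf);
    if (recvmsg(sock, &msg, 0) != 1) return -1;
    cm = CMSG_FIRSTHDR(&msg);   /* accept exactly one SCM_RIGHTS fd, nothing else */
    if (!cm || cm->cmsg_level != SOL_SOCKET || cm->cmsg_type != SCM_RIGHTS ||
        cm->cmsg_len != CMSG_LEN(sizeof(int)))
        return -1;
    memcpy(&fd, CMSG_DATA(cm), sizeof(int));
    return fd;
}

/* One-process round trip (stand-in for helper -> libvirtd -> QEMU); 1 on success. */
int fd_passing_roundtrip(void)
{
    int sv[2], p[2], w; char c = 0;   /* constructed: a pipe stands in for the TAP fd */
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) || pipe(p)) return 0;
    if (send_fd(sv[0], p[1]) || (w = recv_fd(sv[1])) < 0) return 0;
    return write(w, "x", 1) == 1 && read(p[0], &c, 1) == 1 && c == 'x';
}
```

The receiver deliberately rejects any control message that is not exactly one SCM_RIGHTS descriptor, so a misbehaving helper cannot slip extra descriptors into the privileged process.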