Re: Running libvirt without dnsmasq

On Wed, Jun 19, 2024 at 06:21:29PM -0000, procmem@xxxxxxxxxx wrote:
> Hi, we are trying to document a way for our users to run libvirt without
> dnsmasq to reduce attack surface on the host. We are aware that the
> default network uses it but plan to disable that and use our own custom
> configured networks instead. Uninstalling dnsmasq causes libvirt to
> refuse to start even if the default network is no longer running.
> Is this possible or is this something that needs code changes upstream?

The virtual network driver validates existence of dnsmasq at startup,
but nothing requires you to actually run the virtual network driver,
if you're intending to do your own thing with network setup.

It sounds like you're using the old monolithic 'libvirtd' daemon. We
always build libvirt with modules support, so all drivers are dlopen'd
on startup. 

Thus if you're not intending to use the libvirt virtual network feature,
simply don't install its module, and then libvirtd will see the module
doesn't exist, and skip the dlopen.

If you're using the new modular daemons, then even if installed, the
virtnetworkd daemon won't get launched unless some guest is configured
to use it. So if you're intending to set up network bridges yourself,
virtnetworkd shouldn't run.

With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|
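
Added example, not part of the original message or of libvirt: a host audit that reports whether the virtual network driver module is installed and whether virtnetworkd is active, which are the two conditions the reply describes. The module file name `libvirt_driver_network.so`, its `connection-driver` directory and the search roots are assumptions about common packaging.

```shell
#!/bin/sh
# Assumption: the network driver module is named libvirt_driver_network.so
# and sits in a "connection-driver" directory under the libvirt library dir.
MODULE_NAME="libvirt_driver_network.so"
# Assumed default search roots; adjust for the distribution in use.
DEFAULT_ROOTS="/usr/lib64/libvirt /usr/lib/libvirt /usr/lib/x86_64-linux-gnu/libvirt"

# find_network_module ROOT...: print every copy of the module under the roots.
find_network_module() {
    for root in "$@"; do
        [ -d "$root" ] || continue
        find "$root" -type f -name "$MODULE_NAME" -path '*connection-driver*' 2>/dev/null
    done
}

# audit_roots ROOT...: return 0 if the module is absent, 1 if it is installed.
audit_roots() {
    found=$(find_network_module "$@")
    if [ -n "$found" ]; then
        printf 'network driver module installed:\n%s\n' "$found"
        return 1
    fi
    printf 'network driver module not installed\n'
    return 0
}

# audit_host: run the module check, then report dnsmasq and virtnetworkd state.
audit_host() {
    status=0
    # shellcheck disable=SC2086  # word splitting of the root list is intended
    audit_roots $DEFAULT_ROOTS || status=1
    if command -v dnsmasq >/dev/null 2>&1; then
        printf 'dnsmasq binary is present on PATH\n'
    else
        printf 'dnsmasq binary not found on PATH\n'
    fi
    if command -v systemctl >/dev/null 2>&1; then
        for unit in virtnetworkd.service virtnetworkd.socket; do
            if systemctl is-active --quiet "$unit"; then
                printf '%s is active\n' "$unit"
                status=1
            fi
        done
    fi
    return "$status"
}

# Only audit the live host when asked to, so the functions can be sourced.
if [ "${1:-}" = "--run" ]; then audit_host; fi
```

Run it with `--run` on the host; a non-zero exit status means the module is installed or a virtnetworkd unit is active.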


