Re: Running libvirt without dnsmasq

On 6/19/24 18:30, Daniel P. Berrangé wrote:
On Wed, Jun 19, 2024 at 06:21:29PM -0000, procmem@xxxxxxxxxx wrote:
Hi, we are trying to document a way for our users to run libvirt without
dnsmasq to reduce attack surface on the host. We are aware that the
default network uses it but plan to disable that and use our own custom
configured networks instead. Uninstalling dnsmasq causes libvirt to
refuse to start even if the default network is no longer running.
Is this possible or is this something that needs code changes upstream?

The virtual network driver validates existence of dnsmasq at startup,
but nothing requires you to actually run the virtual network driver,
if you're intending to do your own thing with network setup.

It sounds like you're using the old monolithic 'libvirtd' daemon. We
always build libvirt with modules support, so all drivers are dlopen'd
on startup.


How to check that?

Thus if you're not intending to use the libvirt virtual network feature,
simply don't install its module, and then libvirtd will see the module
doesn't exist, and skip the dlopen.


That sounds like something people would do who compile from source code?

We're using libvirtd (9.0.0-4) from Debian package sources. [1]

If you're using the new modular daemons, then even if installed, the
virtnetworkd daemon won't get launched unless some guest is configured
to use it. So if you're intending to setup network bridges yourself,
virtnetworkd shouldn't run.

That is libvirtd 9.x or 10.x?

Is there a chance that something is wrong with the libvirtd compilation settings by Debian's packaging?

[1] packages.debian.org/bookworm/libvirt-daemon