On 10/06/2011 10:38 AM, Richa Marwaha wrote:
The most common use of -net tap is to connect a tap device to a
bridge. This
requires the use of a script and running qemu as root in order to
allocate a
tap device to pass to the script.
This model is great for portability and flexibility but it's incredibly
difficult to eliminate the need to run qemu as root. The only really
viable
mechanism is to use tunctl to create a tap device, attach it to a
bridge as
root, and then hand that tap device to qemu. The problem with this
mechanism
is that it requires administrator intervention whenever a user wants
to create
a guest.
By essentially writing a helper that implements the most common qemu-ifup
script that can be safely given cap_net_admin, we can dramatically
simplify
things for non-privileged users. We still support existing -net tap
options
as a mechanism for advanced users and backwards compatibility.
Currently, this is very Linux centric but there's really no reason why it
couldn't be extended for other Unixes.
The default bridge that we attach to is qemubr0. The thinking is that
a distro
could preconfigure such an interface to allow out-of-the-box bridged
networking.
Alternatively, if a user wants to use a different bridge, they can say:
qemu-hda linux.img -net
tap,br=br0,helper=/usr/local/libexec/qemu-bridge-helper
-net nic,model=virtio
Wouldn't it be better to make the syntax:
-net bridge[,br=BRIDGE][,helper=HELPER]
And default BRIDGE to br0 and HELPER to
${prefix}/libexec/qemu-bridge-helper ?
That gives distros a proper way to configure a default bridge making
-net bridge Just Work for most people.
Regards,
Anthony Liguori