From: Zhi Yong Wu
Subject: Re: [Qemu-devel] [PATCH v4 0/4] -net bridge: rootless bridge support for qemu
Date: Tue, 8 Nov 2011 14:46:04 +0800

Why do you not develop one helper to set up bridge env for qemu guests
when the host has no bridge interface?
On Wed, Nov 2, 2011 at 1:13 AM, Corey Bryant <address@hidden> wrote:
> With qemu it is possible to run a guest from an unprivileged user but if
> we wanted to communicate with the outside world we had to switch
> to root.
>
> We address this problem by introducing a new network backend and a new
> network option for -net tap. This is less flexible when compared to
> existing -net tap options because it relies on a helper with elevated
> privileges to do the heavy lifting of allocating and attaching a tap
> device to a bridge. We use a special purpose helper because we don't
> want to elevate the privileges of more generic tools like brctl.
>
> Qemu can be run with the default network helper as follows (in these cases
> attaching the tap device to the default br0 bridge):
>
> qemu -hda linux.img -net bridge -net nic
> or:
> qemu -hda linux.img -net tap,helper=/usr/local/libexec/qemu-bridge-helper -net nic
>
> The default helper uses its own ACL mechanism for access control, but
> future network helpers could be developed, for example, to support PolicyKit
> for access control.
>
> More details are included in individual patches. The helper is broken into
> a series of patches to improve reviewability.
>
> v2:
> - Updated signed-off-by's
> - Updated author's email
> - Set default bridge to br0
> - Added -net bridge
> - Updated ACL example
> - Moved from libcap to libcap-ng
> - Fail helper when libcap-ng not configured
>
> v3:
> - Use simple queue to store ACLs
> - Added goto cleanup to helper's main
> - Allow helper execution if libcap-ng not configured
> - Completed static analysis and memory analysis on helper
>
> v4:
> - Update has_vnet_hdr() to return bool
> - Update helper's main() to prevent errno clobbering
> - Let Kernel cleanup helper's file descriptors
>
> Corey Bryant (4):
> Add basic version of bridge helper
> Add access control support to qemu bridge helper
> Add cap reduction support to enable use as SUID
> Add support for net bridge
>
> Makefile | 12 ++-
> configure | 37 +++++
> net.c | 29 ++++-
> net.h | 3 +
> net/tap.c | 190 ++++++++++++++++++++++-
> net/tap.h | 3 +
> qemu-bridge-helper.c | 407 ++++++++++++++++++++++++++++++++++++++++++++++++++
> qemu-options.hx | 73 ++++++++--
> 8 files changed, 731 insertions(+), 23 deletions(-)
> create mode 100644 qemu-bridge-helper.c
>
> --
> 1.7.3.4
>
>
>
--
Regards,
Zhi Yong Wu
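
The quoted cover letter says the default helper uses its own ACL mechanism before a privileged helper attaches a tap device to a bridge. The following is an added example, not part of this thread or of the QEMU patches, of a default-deny, fail-closed ACL check suited to a SUID helper; the rule syntax (`allow`/`deny` followed by a bridge name or `all`), the function name `acl_allows` and the sample rules are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define BRIDGE_NAME_MAX 16   /* same size as IFNAMSIZ on Linux, incl. NUL */

/* Assumed rule syntax (illustrative, not taken from the patches):
 *   allow <bridge|all>   or   deny <bridge|all>,   '#' starts a comment.
 * Rules are read top to bottom and the last matching rule wins.
 * Returns 1 if `bridge` may be used, 0 otherwise. The check fails closed:
 * no matching rule, a bad bridge name or an unparsable line all deny. */
int acl_allows(const char *acl, const char *bridge)
{
    int allowed = 0;                              /* default deny */
    size_t n = strlen(bridge);
    if (n == 0 || n >= BRIDGE_NAME_MAX || strchr(bridge, '/'))
        return 0;                                 /* not a valid interface name */

    while (*acl) {
        char line[128], verb[8], arg[BRIDGE_NAME_MAX], extra[2];
        size_t len = strcspn(acl, "\n");
        int fields, permit;
        if (len >= sizeof(line))
            return 0;                             /* oversized line */
        memcpy(line, acl, len);
        line[len] = '\0';
        acl += len + (acl[len] == '\n');          /* step past the newline */
        fields = sscanf(line, "%7s %15s %1s", verb, arg, extra);
        if (fields <= 0 || verb[0] == '#')
            continue;                             /* blank line or comment */
        if (fields != 2)
            return 0;                             /* missing or trailing token */
        if (strcmp(verb, "allow") == 0)
            permit = 1;
        else if (strcmp(verb, "deny") == 0)
            permit = 0;
        else
            return 0;                             /* unknown keyword */
        if (strcmp(arg, "all") == 0 || strcmp(arg, bridge) == 0)
            allowed = permit;
    }
    return allowed;
}

int main(void)
{
    const char *acl = "# constructed sample rules\nallow br0\ndeny br1\n";
    printf("br0=%d br1=%d\n", acl_allows(acl, "br0"), acl_allows(acl, "br1"));
    return 0;
}
```

Denying on any unparsable line means a typo in the rules file cannot silently widen access for unprivileged callers.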