qemu-devel


Re: [Qemu-devel] [PATCH v4 0/4] -net bridge: rootless bridge support for


From: Zhi Yong Wu
Subject: Re: [Qemu-devel] [PATCH v4 0/4] -net bridge: rootless bridge support for qemu
Date: Tue, 8 Nov 2011 14:46:04 +0800

Why do you not develop one helper to set up bridge env for qemu guests
when the host has no bridge interface?

On Wed, Nov 2, 2011 at 1:13 AM, Corey Bryant <address@hidden> wrote:
> With qemu it is possible to run a guest from an unprivileged user but if
> we wanted to communicate with the outside world we had to switch
> to root.
>
> We address this problem by introducing a new network backend and a new
> network option for -net tap.  This is less flexible when compared to
> existing -net tap options because it relies on a helper with elevated
> privileges to do the heavy lifting of allocating and attaching a tap
> device to a bridge.  We use a special purpose helper because we don't
> want to elevate the privileges of more generic tools like brctl.
>
> Qemu can be run with the default network helper as follows (in these cases
> attaching the tap device to the default br0 bridge):
>
>     qemu -hda linux.img -net bridge -net nic
> or:
>     qemu -hda linux.img -net tap,helper=/usr/local/libexec/qemu-bridge-helper -net nic
>
> The default helper uses its own ACL mechanism for access control, but
> future network helpers could be developed, for example, to support PolicyKit
> for access control.
>
> More details are included in individual patches.  The helper is broken into
> a series of patches to improve reviewability.
>
> v2:
>  - Updated signed-off-by's
>  - Updated author's email
>  - Set default bridge to br0
>  - Added -net bridge
>  - Updated ACL example
>  - Moved from libcap to libcap-ng
>  - Fail helper when libcap-ng not configured
>
> v3:
>  - Use simple queue to store ACLs
>  - Added goto cleanup to helper's main
>  - Allow helper execution if libcap-ng not configured
>  - Completed static analysis and memory analysis on helper
>
> v4:
>  - Update has_vnet_hdr() to return bool
>  - Update helper's main() to prevent errno clobbering
>  - Let Kernel cleanup helper's file descriptors
>
> Corey Bryant (4):
>  Add basic version of bridge helper
>  Add access control support to qemu bridge helper
>  Add cap reduction support to enable use as SUID
>  Add support for net bridge
>
>  Makefile             |   12 ++-
>  configure            |   37 +++++
>  net.c                |   29 ++++-
>  net.h                |    3 +
>  net/tap.c            |  190 ++++++++++++++++++++++-
>  net/tap.h            |    3 +
>  qemu-bridge-helper.c |  407 ++++++++++++++++++++++++++++++++++++++++++++++++++
>  qemu-options.hx      |   73 ++++++++--
>  8 files changed, 731 insertions(+), 23 deletions(-)
>  create mode 100644 qemu-bridge-helper.c
>
> --
> 1.7.3.4
>
>
>



-- 
Regards,

Zhi Yong Wu
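
The quoted cover letter says the privileged helper decides through its own ACL which bridge an unprivileged user may attach a tap device to. The C sketch below is an added example, not code from the patch series, showing one way such a check can fail closed. The rule syntax (`allow NAME` / `deny NAME`, with `all` as a wildcard), the default-deny and deny-wins semantics, and the names `parse_rule`, `bridge_allowed` and `SAMPLE_ACL` are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>
#define NAME_LEN 15   /* Linux IFNAMSIZ minus the terminating NUL */
enum rule { RULE_SKIP, RULE_ALLOW, RULE_DENY, RULE_BAD };

/* Constructed sample policy, not taken from the patch series. */
const char SAMPLE_ACL[] = "# guests may use br0 only\nallow br0\ndeny virbr0\n";

/* Classify one line; on ALLOW/DENY the target is left in name[NAME_LEN + 1]. */
static enum rule parse_rule(const char *line, char *name)
{
    char verb[8], extra[2];
    int n = sscanf(line, " %7s %15s %1s", verb, name, extra);
    if (n <= 0 || verb[0] == '#')
        return RULE_SKIP;                 /* blank line or comment */
    if (n != 2)
        return RULE_BAD;                  /* missing, overlong or extra field */
    if (strcmp(verb, "allow") == 0)
        return RULE_ALLOW;
    return strcmp(verb, "deny") == 0 ? RULE_DENY : RULE_BAD;
}

/* Return 1 only if some rule allows `bridge` and no rule denies it. */
int bridge_allowed(const char *acl, const char *bridge)
{
    size_t blen = strlen(bridge);
    int allowed = 0;
    if (blen == 0 || blen > NAME_LEN || strcmp(bridge, "all") == 0)
        return 0;                         /* not a usable interface name */
    while (*acl) {
        char line[64], name[NAME_LEN + 1];
        size_t len = strcspn(acl, "\n");
        enum rule r;
        if (len >= sizeof(line))
            return 0;                     /* overlong line: fail closed */
        memcpy(line, acl, len);
        line[len] = '\0';
        acl += len + (acl[len] == '\n');
        r = parse_rule(line, name);
        if (r == RULE_BAD)
            return 0;                     /* unparseable policy: fail closed */
        if (r != RULE_SKIP && (!strcmp(name, "all") || !strcmp(name, bridge))) {
            if (r == RULE_DENY)
                return 0;                 /* deny beats any allow */
            allowed = 1;
        }
    }
    return allowed;
}
```

Rejecting the whole policy on a malformed line keeps a mistyped `deny` rule from silently widening access in a setuid program.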


