[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[Libvir] Re: Proposal: More script hooks for <interface type='ethernet'>

Daniel P. Berrange wrote:
Being able to specify an qemu-ifdown script is reasonable, since we already
support an qemu-ifup script, but I don't want to just add that without a clearer understanding of exactly what type of network config you are
trying to achieve. So rather than describing a desired implementation can
you describe the deployment scenario / level of network connectivity you're
trying to provide.

I want similar behavior to <interface type='ethernet'/> with no tap device precreated, in a scenario where CAP_NET_ADMIN (not just write access to /dev/net/tun) is necessary to create new tap devices and kvm isn't running as root.

Is that an adequate description, or do I need to expand? I'm using my ifup script to select a bridge to connect to (and actually create that connection), and the ifdown script to clean up unused tap devices; these scripts use sudo where necessary. The problem, though, is that these scripts can't create the tap device themselves, so they can't use sudo for that.

So -- just a bridge (or, rather, a selection of one of a few bridges), but with the tap devices dynamically created in a situation where privilege escalation is necessary for that device creation.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]