[libvirt] Interface script for qemu/kvm determinately fails?

Daniel P. Berrange berrange at redhat.com
Thu Nov 12 11:20:10 UTC 2009


On Tue, Nov 10, 2009 at 07:03:53PM +0900, Ryota Ozaki wrote:
> Hi,
> 
> I have a question about the interface script (e.g., qemu-ifup) for qemu/kvm.
> qemu/kvm has all its capabilities dropped by libcap-ng before it is executed.
> So the script that is executed by qemu/kvm will fail if it executes
> privileged operations, which are its usual jobs.
> 
> Does it mean we cannot use <script> anymore? Or am I missing something?

That is correct.

> I think executing the script in libvirtd after creating a tap and before
> dropping capabilities would be a solution for that issue. Am I wrong?

If we want to keep the 'script' capability, then that is pretty much the
only option I see. Personally though I'd rather people never used the
script capability because it's an opaque black box doing who knows what.

Regards,
Daniel
-- 
|: Red Hat, Engineering, London   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
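
An added example, not part of the original message and not libvirt's code: a shell helper that an interface script could call to see whether CAP_NET_ADMIN, which interface and bridge configuration requires, survived the capability drop discussed in this thread. The function names and the sample status text are constructed for illustration.

```shell
#!/bin/sh
# Decode the capability masks found in /proc/<pid>/status text.
CAP_NET_ADMIN=12   # bit number from <linux/capability.h>

# Print the hex mask of one field (CapEff, CapBnd, ...) from status text.
cap_field() {
    printf '%s\n' "$1" | awk -v f="$2:" '$1 == f { print $2 }'
}

# Succeed if bit $2 is set in hex mask $1; fail if unset or mask is malformed.
has_cap() {
    case $1 in ''|*[!0-9a-fA-F]*) return 1 ;; esac
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# Classify CAP_NET_ADMIN for a process, given its status text:
#   effective      in CapEff; interface configuration can succeed
#   bounding-only  not in CapEff, but still in the bounding set
#   absent         in neither set; privileged network calls fail with EPERM
net_admin_state() {
    if has_cap "$(cap_field "$1" CapEff)" "$CAP_NET_ADMIN"; then
        echo effective
    elif has_cap "$(cap_field "$1" CapBnd)" "$CAP_NET_ADMIN"; then
        echo bounding-only
    else
        echo absent
    fi
}

# Constructed samples (not captured from a real host).
SAMPLE_FULL='Name:   libvirtd
CapPrm: 000001ffffffffff
CapEff: 000001ffffffffff
CapBnd: 000001ffffffffff'

SAMPLE_DROPPED='Name:   qemu-kvm
CapPrm: 0000000000000000
CapEff: 0000000000000000
CapBnd: 0000000000000000'

SAMPLE_EFF_CLEARED='Name:   qemu-kvm
CapPrm: 0000000000000000
CapEff: 0000000000000000
CapBnd: 000001ffffffffff'

# Live use from inside an interface script:
#   net_admin_state "$(cat /proc/self/status)"
```

Logging the result at the top of the script turns a silent EPERM from a bridge or address command into an explicit statement that the capability is gone.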



