[libvirt] [Patch v3 0/3] Add QEMU network helper support
rmarwah at linux.vnet.ibm.com
rmarwah at linux.vnet.ibm.com
Mon Aug 6 15:26:11 UTC 2012
Quoting Michal Privoznik <mprivozn at redhat.com>:
> On 03.08.2012 22:33, rmarwah at linux.vnet.ibm.com wrote:
>> From: Richa Marwaha <rmarwah at linux.vnet.ibm.com>
>>
>> QEMU has a new feature which allows QEMU to execute under an
>> unprivileged user ID and still be able to
>> add a tap device to a Linux network bridge. Below is the link to
>> the QEMU patches for the bridge helper
>> feature:
>>
>> http://lists.gnu.org/archive/html/qemu-devel/2012-01/msg03562.html
>>
>> The existing libvirt tap network device support for adding a tap
>> device to a bridge (-netdev tap) works
>> only when connected to a libvirtd instance running as the
>> privileged system account 'root'.
>> When connected to a libvirtd instance running as an unprivileged
>> user (ie. using the session URI) creation of
>> the tap device fails as follows:
>>
>> error: Failed to start domain F14_64 error: Unable to create tap
>> device vnet%d: Operation not permitted
>>
>> With this support, creating a tap device in the above scenario will
>> be possible. Additionally, hot attaching
>> a tap device to a bridge while running when connected to a libvirtd
>> instance running as an unprivileged user
>> will be possible.
>>
>> Richa Marwaha (3):
>> Add -netdev bridge capabilities
>> Add -netdev bridge support
>> apparmor: QEMU bridge helper policy updates
>>
>> AUTHORS | 1 +
>> examples/apparmor/libvirt-qemu | 21 ++++++++++++++-
>> src/qemu/qemu_capabilities.c | 13 ++++++---
>> src/qemu/qemu_capabilities.h | 1 +
>> src/qemu/qemu_command.c | 57
>> +++++++++++++++++++++++++++++----------
>> src/qemu/qemu_command.h | 2 +
>> src/qemu/qemu_hotplug.c | 31 ++++++++++++++-------
>> tests/qemuhelptest.c | 3 +-
>> 8 files changed, 98 insertions(+), 31 deletions(-)
>>
>
> So I've went ahead, reviewed, ACKed and pushed whole series.
> I suggest is worth adding some kind of documentation (either a wiki
> page, or mention it somewhere in docs/ docs/drvqemu.html.in perhaps?) -
> how to set up bridge-helper. But I am okay if that's a follow up patch.
> It's not a show stopper after all.
>
Thanks a lot Michal for reviewing n pushing the patches. We have the
following wiki
which gives the information on how to set up bridge-helper
http://wiki.qemu.org/Features/HelperNetworking
Regards
Richa
> Michal
More information about the libvir-list
mailing list