[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [Patch v3 0/3] Add QEMU network helper support

libvir-list-bounces redhat com wrote on 08/06/2012 11:18:31 AM:

> From:

> Laine Stump <laine laine org>

> To:

> libvir-list redhat com

> Date:

> 08/06/2012 11:27 AM

> Subject:

> Re: [libvirt] [Patch v3 0/3] Add QEMU network helper support

> Sent by:

> libvir-list-bounces redhat com

> On 08/06/2012 10:56 AM, Michal Privoznik wrote:
> > On 03.08.2012 22:33, rmarwah linux vnet ibm com wrote:
> >> From: Richa Marwaha <rmarwah linux vnet ibm com>
> >>
> >> QEMU has a new feature which allows QEMU to execute under an
> unprivileged user ID and still be able to
> >> add a tap device to a Linux network bridge.
> >> [...]
> > So I've went ahead, reviewed, ACKed and pushed whole series.
> > I suggest is worth adding some kind of documentation (either a wiki
> > page, or mention it somewhere in docs/ docs/drvqemu.html.in perhaps?) -
> > how to set up bridge-helper.
> Yes, it's a bit odd to figure out the right place to document it, since
> there is no setup done within libvirt - libvirt just silently takes
> advantage of it if it's there.
> By the way, I had earlier expressed concern about the eventuality that
> we support bridged networking for non-privileged users directly within
> libvirt (via a separate libvirt-networkd and policykit), and the case
> where someone had a working config using the qemu helper - I was worried
> that this person's setup might stop working as a result of the upgrade
> which changed to the newer method of setting up the network (e.g. if
> something needed to be configured to allow that user access via
> policykit, and hadn't been done yet). Since then I've realized that we
> can handle that problem by continuing to fall back to the qemu helper
> when this (for now mythical) new method fails. That removes my only
> concern about this series.
> Another issue though - a patch for AppArmor has been included, but I'm
> unclear of whether this needs something done for selinux (either in
> libvirt itself, or in selinux-policy). Does somebody have the updated
> qemu installed on a system with selinux enabled, and could you give it a
> try?

selinux already has the policies to allow qemu helper , here is the link to the patch adding the policies


It will be upstream in Fedora.


> --
> libvir-list mailing list
> libvir-list redhat com
> https://www.redhat.com/mailman/listinfo/libvir-list

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]