[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[libvirt] [Patch v2 0/3] Add QEMU network helper support



From: Richa Marwaha <rmarwah linux vnet ibm com>

QEMU has a new feature which allows QEMU to execute under an unprivileged user ID and still be able to
add a tap device to a Linux network bridge. Below is the link to the QEMU patches for the bridge helper
feature:

http://lists.gnu.org/archive/html/qemu-devel/2012-01/msg03562.html

The existing libvirt tap network device support for adding a tap device to a bridge (-netdev tap) works
only when connected to a libvirtd instance running as the privileged system account 'root'.
When connected to a libvirtd instance running as an unprivileged user (ie. using the session URI) creation of
the tap device fails as follows:

error: Failed to start domain F14_64 error: Unable to create tap device vnet%d: Operation not permitted

With this support, creating a tap device in the above scenario will be possible.  Additionally, hot attaching
a tap device to a bridge while running when connected to a libvirtd instance running as an unprivileged user
will be possible.

Richa Marwaha (3):
  Add -netdev bridge capabilities
  Add -netdev bridge support
  apparmor: QEMU bridge helper policy updates

 examples/apparmor/libvirt-qemu |   21 +++++++++++++-
 src/qemu/qemu_capabilities.c   |   13 ++++++--
 src/qemu/qemu_capabilities.h   |    1 +
 src/qemu/qemu_command.c        |   61 ++++++++++++++++++++++++++++-----------
 src/qemu/qemu_command.h        |    2 +
 src/qemu/qemu_hotplug.c        |   31 ++++++++++++++------
 6 files changed, 97 insertions(+), 32 deletions(-)


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]