[libvirt] [PATCH 3/5] qemu_conf: add new configuration key bridge_helper

Eric Blake eblake at redhat.com
Thu Apr 18 21:06:53 UTC 2013


On 04/18/2013 11:35 AM, Laine Stump wrote:

>> +# Path to the setuid helper for creating tap devices.  This executable
>> +# is used to create <source type='bridge'> interfaces when libvirtd is
>> +# running unprivileged.  libvirt invokes the helper directly, instead
>> +# of using "-netdev bridge", for security reasons.
>> +#bridge_helper = "/usr/libexec/qemu-bridge-helper"
>> +
>> +
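Review bot: The comment above bridge_helper says libvirt invokes the helper directly "for security reasons" but does not say what those reasons are or what is expected of the binary the key points to. Since the value names a setuid executable, I suggest adding a sentence saying that it should be an absolute path to the setuid helper and should only be changed from the default when the helper is installed elsewhere. The hunk also ends with two added blank lines where one would do.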
> 
> Are we sure we want to allow this to be configured? That could lead to
> some "interesting" troubleshooting incidents :-)

About the only time it would be configured is if qemu is installed in an
alternate location.

> 
> On the other hand, I guess the path to qemu itself is right there in the
> domain config file, so how much worse could this be...

Yeah, sometimes we've got to just trust the user to not be insane.

> 
> ACK. (But I'd like at least one other ACK from someone else due to the
> fact that this is polluting the config namespace with something we would
> like to eventually eliminate.)

Even if we add a way for libvirt to get the tap device without depending
on qemu's helper program, we'll have to leave the config item present
(so we don't reject an older .conf file as invalid), but we can then
ignore the entry at that point.  I can live with this change going in,
so I agree with your ACK, and have pushed it.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
