[libvirt] Interface script for qemu/kvm determinately fails?
Ryota Ozaki
ozaki.ryota at gmail.com
Thu Nov 12 22:02:56 UTC 2009
On Thu, Nov 12, 2009 at 8:20 PM, Daniel P. Berrange <berrange at redhat.com> wrote:
> On Tue, Nov 10, 2009 at 07:03:53PM +0900, Ryota Ozaki wrote:
>> Hi,
>>
>> I have a question about interface script (e.g., qemu-ifup) for qemu/kvm.
>> qemu/kvm is dropped its all capabilities by libcap-ng before executed.
>> So the script that is executed by qemu/kvm will fail if it executes
>> privileged operations which are usual jobs of it.
>>
>> It means we cannot use <script> anymore? or I'm missing something?
>
> That is correct.
>
>> I think executing the script in libvirtd after creating a tap and before
>> dropping capabilities would be a solution for that issue. Am I wrong?
>
> If we want to keep the 'script' capability, then that is pretty much the
> only option I see. Personally though I'd rather people never used the
> script capability because its an opaque blackbox doing who knows what
Honestly said, I was so ;-) but now I want to incorporate external networking
tools like Open vSwitch and such tools require own special command to
connect a tap with their bridge-like interface. Then I first attempted 'script'
feature and got the problem.
I think another way is that libvirt supports such tools inside like ebtables.
Is it appreciate to libvirt? If so, I'm welcome to do that.
Thanks,
ozaki-r
>
> Regards,
> Daniel
> --
> |: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
> |: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
> |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
> |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
>
More information about the libvir-list
mailing list