[libvirt] [PATCH 1/3] Attempt to load tun module on tap add error

Chris Lalancette clalance at redhat.com
Thu Aug 5 19:21:34 UTC 2010


On 08/05/10 - 02:12:36PM, Doug Goldstein wrote:
> When attempting to add a tap device, the error message is fairly cryptic
> as to what really happened. If possible, try to load the tun module and
> then try again to add the tap device again to improve the user
> experience.
> 
> Signed-off-by: Doug Goldstein <cardoe at gentoo.org>
> ---
>  src/util/bridge.c |   21 +++++++++++++++++++--
>  1 files changed, 19 insertions(+), 2 deletions(-)
> 
> diff --git a/src/util/bridge.c b/src/util/bridge.c
> index 7d0caae..ca4bcc9 100644
> --- a/src/util/bridge.c
> +++ b/src/util/bridge.c
> @@ -486,12 +486,29 @@ brAddTap(brControl *ctl,
>  {
>      int fd;
>      struct ifreq ifr;
> +    const char * const argv[] = { "modprobe", "tun", NULL };
> +    int err, exitstatus = 0;
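
Review bot: in the declarations added at the top of brAddTap, argv names "modprobe" with no directory, so if this array is handed to an exec call that searches PATH, the binary that runs with libvirtd's privileges depends on the daemon's environment. Use an absolute path fixed at build time (for example one detected by configure) so the helper is never resolved through PATH. Separately, err is declared without an initializer next to exitstatus = 0; initialize it as well, or declare it where it first receives a value, so no later path can read it unset.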

Hm, I can't say I like this.  Libvirt really shouldn't be in the business
of loading kernel modules (I know, we actually do this in the pci passthrough
code, but I don't think we should).  Besides being pretty gross, this will
cause havoc with security policies (like SELinux): you'll need to make the
security module allow libvirtd the ability to modprobe any module, which means
that any flaw in libvirtd turns into a possible system-wide compromise.

-- 
Chris Lalancette



