[libvirt] [Patch v3 0/3] Add QEMU network helper support

rmarwah at linux.vnet.ibm.com rmarwah at linux.vnet.ibm.com
Mon Aug 6 15:26:11 UTC 2012 

Quoting Michal Privoznik <mprivozn at redhat.com>:

> On 03.08.2012 22:33, rmarwah at linux.vnet.ibm.com wrote:
>> From: Richa Marwaha <rmarwah at linux.vnet.ibm.com>
>>
>> QEMU has a new feature which allows QEMU to execute under an  
>> unprivileged user ID and still be able to
>> add a tap device to a Linux network bridge. Below is the link to  
>> the QEMU patches for the bridge helper
>> feature:
>>
>> http://lists.gnu.org/archive/html/qemu-devel/2012-01/msg03562.html
>>
>> The existing libvirt tap network device support for adding a tap  
>> device to a bridge (-netdev tap) works
>> only when connected to a libvirtd instance running as the  
>> privileged system account 'root'.
>> When connected to a libvirtd instance running as an unprivileged  
>> user (ie. using the session URI) creation of
>> the tap device fails as follows:
>>
>> error: Failed to start domain F14_64 error: Unable to create tap  
>> device vnet%d: Operation not permitted
>>
>> With this support, creating a tap device in the above scenario will  
>> be possible.  Additionally, hot attaching
>> a tap device to a bridge while running when connected to a libvirtd  
>> instance running as an unprivileged user
>> will be possible.
>>
>> Richa Marwaha (3):
>>   Add -netdev bridge capabilities
>>   Add -netdev bridge support
>>   apparmor: QEMU bridge helper policy updates
>>
>>  AUTHORS                        |    1 +
>>  examples/apparmor/libvirt-qemu |   21 ++++++++++++++-
>>  src/qemu/qemu_capabilities.c   |   13 ++++++---
>>  src/qemu/qemu_capabilities.h   |    1 +
>>  src/qemu/qemu_command.c        |   57  
>> +++++++++++++++++++++++++++++----------
>>  src/qemu/qemu_command.h        |    2 +
>>  src/qemu/qemu_hotplug.c        |   31 ++++++++++++++-------
>>  tests/qemuhelptest.c           |    3 +-
>>  8 files changed, 98 insertions(+), 31 deletions(-)
>>
>
> So I've went ahead, reviewed, ACKed and pushed whole series.
> I suggest is worth adding some kind of documentation (either a wiki
> page, or mention it somewhere in docs/ docs/drvqemu.html.in perhaps?) -
> how to set up bridge-helper. But I am okay if that's a follow up patch.
> It's not a show stopper after all.
>
Thanks a lot Michal for reviewing n pushing the patches. We have the  
following wiki
which gives the information on how to set up bridge-helper

http://wiki.qemu.org/Features/HelperNetworking

Regards
Richa
> Michal

More information about the libvir-list mailing list