[libvirt] [PATCH 2/2] qemu: launch bridge helper from libvirtd
Daniel P. Berrange
berrange at redhat.com
Mon Apr 22 11:05:24 UTC 2013
On Sat, Apr 20, 2013 at 11:11:25AM +0200, Paolo Bonzini wrote:
> <source type='bridge'> uses a helper application to do the necessary
> TUN/TAP setup to use an existing network bridge, thus letting
> unprivileged users use TUN/TAP interfaces.
>
> However, libvirt should be preventing QEMU from running any setuid
> programs at all, which would include this helper program. From
> a security POV, any setuid helper needs to be run by libvirtd itself,
> not QEMU.
>
> This is what this patch does. libvirt now invokes the setuid helper,
> gets the TAP fd and then passes it to QEMU in the normal manner.
> The path to the helper is specified in qemu.conf.
>
> As a small advantage, this adds a <target dev='tap0'/> element to the
> XML of an active domain using <interface type='bridge'>.
That's very good because it allows the network interfaces stats
API to work.
> Signed-off-by: Paolo Bonzini <pbonzini at redhat.com>
> ---
> src/qemu/qemu_command.c | 133 +++++++++++++++++++++++++++++++++++-------------
> src/qemu/qemu_command.h | 1 -
> src/qemu/qemu_hotplug.c | 25 +++------
> 3 files changed, 106 insertions(+), 53 deletions(-)
ACK
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|