[libvirt] [PATCH 2/2] qemu: launch bridge helper from libvirtd

Daniel P. Berrange berrange at redhat.com
Mon Apr 22 11:05:24 UTC 2013


On Sat, Apr 20, 2013 at 11:11:25AM +0200, Paolo Bonzini wrote:
> <source type='bridge'> uses a helper application to do the necessary
> TUN/TAP setup to use an existing network bridge, thus letting
> unprivileged users use TUN/TAP interfaces.
> 
> However, libvirt should be preventing QEMU from running any setuid
> programs at all, which would include this helper program.  From
> a security POV, any setuid helper needs to be run by libvirtd itself,
> not QEMU.
> 
> This is what this patch does.  libvirt now invokes the setuid helper,
> gets the TAP fd and then passes it to QEMU in the normal manner.
> The path to the helper is specified in qemu.conf.
> 
> As a small advantage, this adds a <target dev='tap0'/> element to the
> XML of an active domain using <interface type='bridge'>.

That's very good because it allows the network interfaces stats
API to work.

> Signed-off-by: Paolo Bonzini <pbonzini at redhat.com>
> ---
>  src/qemu/qemu_command.c | 133 +++++++++++++++++++++++++++++++++++-------------
>  src/qemu/qemu_command.h |   1 -
>  src/qemu/qemu_hotplug.c |  25 +++------
>  3 files changed, 106 insertions(+), 53 deletions(-)

ACK

Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|
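Handing an open descriptor from a privileged helper to an unprivileged process is the step this design rests on ("gets the TAP fd and then passes it to QEMU"). The example below is added here and is not libvirt's or QEMU's code; it assumes the helper returns the descriptor over a UNIX socket with SCM_RIGHTS (the thread does not say how the fd comes back), and uses a pipe end as a constructed stand-in for the TAP device so it runs without any privilege.

```c
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>
/* Send one open descriptor over UNIX socket sock: 0 on success, -1 on error. */
int send_fd(int sock, int fd)
{
    char byte = 0, cbuf[CMSG_SPACE(sizeof(int))]; struct iovec iov = { &byte, 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = cbuf, .msg_controllen = sizeof(cbuf) };
    struct cmsghdr *cm = CMSG_FIRSTHDR(&msg);
    cm->cmsg_level = SOL_SOCKET; cm->cmsg_type = SCM_RIGHTS;
    cm->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(cm), &fd, sizeof(int));
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* Receive exactly one SCM_RIGHTS descriptor, rejecting truncated or foreign
 * control data so a misbehaving helper cannot slip in extras; fd or -1. */
int recv_fd(int sock)
{
    char byte, cbuf[CMSG_SPACE(sizeof(int))]; struct iovec iov = { &byte, 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = cbuf, .msg_controllen = sizeof(cbuf) };
    struct cmsghdr *cm; int fd;
    if (recvmsg(sock, &msg, 0) != 1 || (msg.msg_flags & MSG_CTRUNC) ||
        !(cm = CMSG_FIRSTHDR(&msg)) || cm->cmsg_level != SOL_SOCKET ||
        cm->cmsg_type != SCM_RIGHTS || cm->cmsg_len != CMSG_LEN(sizeof(int)))
        return -1;
    memcpy(&fd, CMSG_DATA(cm), sizeof(int));
    return fd;
}

/* A forked child plays the helper and hands over the write end of a pipe (a
 * constructed stand-in for the TAP fd); the parent drops its own copy, keeps
 * the received one and proves it usable. Returns 1 on success, 0 otherwise. */
int demo(void)
{
    int sv[2], pfd[2], fd, ok; char buf[4] = { 0 };
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0 || pipe(pfd) < 0)
        return 0;
    if (fork() == 0)
        _exit(send_fd(sv[1], pfd[1]) == 0 ? 0 : 1);
    close(sv[1]); close(pfd[1]);    /* if fork failed, recv_fd now sees EOF */
    fd = recv_fd(sv[0]); wait(NULL);
    ok = fd >= 0 && write(fd, "tap", 3) == 3 && read(pfd[0], buf, 3) == 3 &&
         memcmp(buf, "tap", 3) == 0;
    close(fd); close(pfd[0]); close(sv[0]);
    return ok;
}
```

The receiving side is the one that must validate the control message, since it is the less trusting party in the exchange.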