Re: [libvirt PATCH 00/28] native support for nftables in virtual network driver
On Fri, Jun 14, 2024 at 04:41:25AM -0700, Andrea Bolognani wrote:
On Thu, Jun 13, 2024 at 08:00:32PM GMT, Roman Bogorodskiy wrote:
> Andrea Bolognani wrote:
> > Honestly I'm not entirely sure it makes much sense to have the
> > network driver and especially the default network if you need to
> > bring your own firewall rules, but that can be a separate discussion.
>
> Hm, I think the network driver is quite usable without QEMU, e.g. I use
> it with bhyve.
Okay, I didn't realize that was an option.
Which leads me to open a different can of worms then: if libvirt
networks can be used with drivers other than QEMU, wouldn't it make
sense for their configuration to live in /etc/libvirt/network instead
of /etc/libvirt/qemu/networks? How difficult would it be to adopt the
new path without breaking existing setups?
We can deal with the upgrade path easily enough. On startup, if the
new location is empty, and the old location has files, then move
the files to the new location.
Downgrading libvirt will be broken, but so be it, we've never
guaranteed that to work.
I kinda wish we'd moved this a decade ago :-) The next best time
is of course today.
I think its especially beneficial now we have split modular daemons,
as it would let us write SELinux policy for virtnetworkd which does
not clash with virtqemud, or require privileges over the /etc/libvirt/qemu
directory.
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|