[libvirt] Interface script for qemu/kvm determinately fails?

Hi, I have a question about interface script (e.g., qemu-ifup) for qemu/kvm. qemu/kvm is dropped its all capabilities by libcap-ng before executed. So the script that is executed by qemu/kvm will fail if it executes privileged operations which are usual jobs of it. It means we cannot use <script> anymore? or I'm missing something? I think executing the script in libvirtd after creating a tap and before dropping capabilities would be a solution for that issue. Am I wrong? Thanks, ozaki-r