Re: [libvirt] [PATCH v3 2/2] qemu: Automaticly create tap device for VIR_DOMAIN_NET_TYPE_ETHERNET
On 12/05/2014 04:18 AM, Daniel P. Berrange wrote:
On Fri, Dec 05, 2014 at 12:12:46PM +0100, Michal Privoznik wrote:
> From: Vasiliy Tolstov <v.tolstov(a)selfip.ru>
>
> If a user doesn't specify script in network type ethernet, assume
> that he/she needs a simple tap device created by libvirt. This
> commit does not need to run external script to create tap device
> or add root to qemu process. Moreover, some functions need to be
> mocked now for qemuxml2argvtest, e.g. virNetDevTapCreate() or
> virNetDevSetOnline().
Hmm, even if the user does provide a script, perhaps libvirt could
create the TAP device *and* run the script itself. This would finally
allow us to run QEMU unprivileged with type=ethernet in all cases.
eg take QEMU entirely out of the picture for NIC setup
Don't we still have to mark things as tainted, and be careful that
executing an arbitrary script is not going to hose the host if a
less-privileged user (such as via fine-grained ACLs) passes a suspicious
script?
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
Attachments:
- signature.asc (application/pgp-signature — 539 bytes)