On 03.08.2012 22:33, rmarwah(a)linux.vnet.ibm.com wrote:
> From: Richa Marwaha <rmarwah(a)linux.vnet.ibm.com>
>
> QEMU has a new feature which allows QEMU to execute under an
> unprivileged user ID and still be able to add a tap device to a
> Linux network bridge. Below is the link to the QEMU patches for
> the bridge helper feature:
>
> http://lists.gnu.org/archive/html/qemu-devel/2012-01/msg03562.html
>
> The existing libvirt tap network device support for adding a tap
> device to a bridge (-netdev tap) works only when connected to a
> libvirtd instance running as the privileged system account 'root'.
> When connected to a libvirtd instance running as an unprivileged
> user (ie. using the session URI) creation of the tap device fails
> as follows:
>
> error: Failed to start domain F14_64
> error: Unable to create tap device vnet%d: Operation not permitted
>
> With this support, creating a tap device in the above scenario will
> be possible. Additionally, hot attaching a tap device to a bridge
> while running when connected to a libvirtd instance running as an
> unprivileged user will be possible.
>
> Richa Marwaha (3):
>   Add -netdev bridge capabilities
>   Add -netdev bridge support
>   apparmor: QEMU bridge helper policy updates
>
> AUTHORS | 1 +
> examples/apparmor/libvirt-qemu | 21 ++++++++++++++-
> src/qemu/qemu_capabilities.c | 13 ++++++---
> src/qemu/qemu_capabilities.h | 1 +
> src/qemu/qemu_command.c | 57 +++++++++++++++++++++++++++++----------
> src/qemu/qemu_command.h | 2 +
> src/qemu/qemu_hotplug.c | 31 ++++++++++++++-------
> tests/qemuhelptest.c | 3 +-
> 8 files changed, 98 insertions(+), 31 deletions(-)
>
So I've gone ahead, reviewed, ACKed and pushed the whole series.
I suggest it is worth adding some kind of documentation (either a wiki
page, or mention it somewhere in docs/ docs/drvqemu.html.in perhaps?) -
how to set up bridge-helper. But I am okay if that's a follow-up patch.
It's not a show stopper after all.

Thanks a lot, Michal, for reviewing and pushing the patches. We have the
following wiki
which gives the information on how to set up bridge-helper