On 04/18/2013 11:35 AM, Laine Stump wrote:
> +# Path to the setuid helper for creating tap devices. This
executable
> +# is used to create <source type='bridge'> interfaces when libvirtd
is
> +# running unprivileged. libvirt invokes the helper directly, instead
> +# of using "-netdev bridge", for security reasons.
> +#bridge_helper = "/usr/libexec/qemu-bridge-helper"
> +
> +
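Review bot: The comment on bridge_helper says libvirt invokes the helper directly "for security reasons" but never names those reasons, and it gives no guidance on what an acceptable override looks like. Since the setting selects a setuid executable, consider saying whether the commented-out path is the built-in default when the setting is absent, and what kind of path an administrator is expected to supply. The two trailing blank "+" lines at the end of the hunk could also be reduced to one.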
Are we sure we want to allow this to be configured? That could lead to
some "interesting" troubleshooting incidents :-)
About the only time it would be configured is if qemu is installed in an
alternate location.
On the other hand, I guess the path to qemu itself is right there in the
domain config file, so how much worse could this be...
Yeah, sometimes we've got to just trust the user to not be insane.
ACK. (But I'd like at least one other ACK from someone else due to the
fact that this is polluting the config namespace with something we would
like to eventually eliminate.)
Even if we add a way for libvirt to get the tap device without depending
on qemu's helper program, we'll have to leave the config item present
(so we don't reject an older .conf file as invalid), but we can then
ignore the entry at that point. I can live with this change going in,
so I agree with your ACK, and have pushed it.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library
http://libvirt.org