From: Richa Marwaha <rmarwah(a)linux.vnet.ibm.com>

QEMU has a new feature which allows QEMU to execute under an unprivileged user ID and still be able to add a tap device to a Linux network bridge. Below is the link to the QEMU patches for the bridge helper feature:

http://lists.gnu.org/archive/html/qemu-devel/2012-01/msg03562.html

The existing libvirt tap network device support for adding a tap device to a bridge (-netdev tap) works only when connected to a libvirtd instance running as the privileged system account 'root'. When connected to a libvirtd instance running as an unprivileged user (i.e. using the session URI), creation of the tap device fails as follows:

error: Failed to start domain F14_64
error: Unable to create tap device vnet%d: Operation not permitted

With this support, creating a tap device in the above scenario will be possible. Additionally, hot attaching a tap device to a bridge while running when connected to a libvirtd instance running as an unprivileged user will be possible.

Richa Marwaha (3):
  Add -netdev bridge capabilities
  Add -netdev bridge support
  apparmor: QEMU bridge helper policy updates

 examples/apparmor/libvirt-qemu |   21 +++++++++++++-
 src/qemu/qemu_capabilities.c   |   13 ++++++--
 src/qemu/qemu_capabilities.h   |    1 +
 src/qemu/qemu_command.c        |   61 ++++++++++++++++++++++++++++-----------
 src/qemu/qemu_command.h        |    2 +
 src/qemu/qemu_hotplug.c        |   31 ++++++++++++++------
 6 files changed, 97 insertions(+), 32 deletions(-)