On Wed, Jun 19, 2024 at 06:21:29PM -0000, procmem(a)riseup.net wrote:
> Hi, we are trying to document a way for our users to run libvirt without
> dnsmasq to reduce attack surface on the host. We are aware that the
> default network uses it but plan to disable that and use our own custom
> configured networks instead. Uninstalling dnsmasq causes libvirt to
> refuse to start even if the default network is no longer running.
>
> Is this possible or is this something that needs code changes upstream?

The virtual network driver validates existence of dnsmasq at startup,
but nothing requires you to actually run the virtual network driver,
if you're intending to do your own thing with network setup.

It sounds like you're using the old monolithic 'libvirtd' daemon. We
always build libvirt with modules support, so all drivers are dlopen'd
on startup.

Thus if you're not intending to use the libvirt virtual network feature,
simply don't install its module, and then libvirtd will see the module
doesn't exist, and skip the dlopen.

If you're using the new modular daemons, then even if installed, the
virtnetworkd daemon won't get launched unless some guest is configured
to use it. So if you're intending to set up network bridges yourself,
virtnetworkd shouldn't run.

With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
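
A host check for the state described in this reply, added here as an example and not part of the original thread or of libvirt itself: it reports whether a dnsmasq binary or the virtual network driver module is still installed. The module file name `libvirt_driver_network.so` and the directories in `MODULE_DIRS` are assumptions that depend on distro packaging.

```shell
#!/bin/sh
# Added example: check that neither dnsmasq nor the libvirt virtual network
# driver module is installed. Directory list and module file name are
# assumptions that depend on distro packaging; override MODULE_DIRS as needed.
MODULE_DIRS="${MODULE_DIRS:-/usr/lib64/libvirt/connection-driver /usr/lib/libvirt/connection-driver}"
MODULE_NAME="libvirt_driver_network.so"

# Print the module path and return 0 if any given directory contains it.
find_network_module() {
    for dir in "$@"; do
        if [ -e "$dir/$MODULE_NAME" ]; then
            printf '%s\n' "$dir/$MODULE_NAME"
            return 0
        fi
    done
    return 1
}

# Return 0 if an executable named dnsmasq exists in a PATH-style string.
dnsmasq_present() {
    old_ifs=$IFS; IFS=:
    for d in $1; do
        if [ -x "$d/dnsmasq" ]; then IFS=$old_ifs; return 0; fi
    done
    IFS=$old_ifs
    return 1
}

# audit_host <PATH-string> <module-dir>...
# Prints one line per finding; exit status is the number of findings.
audit_host() {
    search_path=$1; shift
    findings=0
    if dnsmasq_present "$search_path"; then
        echo "FINDING: dnsmasq binary is installed"
        findings=$((findings + 1))
    fi
    if module=$(find_network_module "$@"); then
        echo "FINDING: virtual network driver module present: $module"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Run against the live host only when asked: sh audit.sh --run
if [ "${1:-}" = "--run" ]; then
    # MODULE_DIRS is intentionally word-split into separate directories.
    audit_host "$PATH" $MODULE_DIRS && echo "OK: no dnsmasq, no network driver module"
fi
```

An exit status of 0 means both components are absent; it does not check whether virtnetworkd is running on a modular-daemon host.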