On 6/19/24 18:30, Daniel P. Berrangé wrote:
> On Wed, Jun 19, 2024 at 06:21:29PM -0000, procmem(a)riseup.net wrote:
>> Hi, we are trying to document a way for our users to run libvirt without
>> dnsmasq to reduce attack surface on the host. We are aware that the
>> default network uses it but plan to disable that and use our own custom
>> configured networks instead. Uninstalling dnsmasq causes libvirt to
>> refuse to start even if the default network is no longer running.
>> Is this possible or is this something that needs code changes upstream?
>
> The virtual network driver validates existence of dnsmasq at startup,
> but nothing requires you to actually run the virtual network driver,
> if you're intending to do your own thing with network setup.
>
> It sounds like you're using the old monolithic 'libvirtd' daemon. We
> always build libvirt with modules support, so all drivers are dlopen'd
> on startup.

How to check that?

> Thus if you're not intending to use the libvirt virtual network feature,
> simply don't install its module, and then libvirtd will see the module
> doesn't exist, and skip the dlopen.

That sounds like something people would do who compile from source code?
We're using libvirtd (9.0.0-4) from Debian package sources. [1]

> If you're using the new modular daemons, then even if installed, the
> virtnetworkd daemon won't get launched unless some guest is configured
> to use it. So if you're intending to set up network bridges yourself,
> virtnetworkd shouldn't run.

That is libvirtd 9.x or 10.x?

Is there a chance that something is wrong with the libvirtd compilation
settings by Debian's packaging?

[1] packages.debian.org/bookworm/libvirt-daemon
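The question "how to check that?" above is answerable from the host itself. The script below is an added example, not code from the thread or from the libvirt project: it lists the dlopen'd driver modules, tests whether the network one is installed, and combines that with the running daemon names to say whether the virtual-network driver (and therefore its dnsmasq dependency) can be active. It assumes Debian's module directory `/usr/lib/x86_64-linux-gnu/libvirt/connection-driver`, the module file name `libvirt_driver_network.so`, and the daemon names `libvirtd` and `virtnetworkd`; the output labels (`monolithic-loaded` and so on) are this example's own naming.

```shell
#!/bin/sh
# Added example, not part of the thread: report whether the libvirt
# virtual-network driver can be active on this host.
# Assumptions (not stated in the thread): Debian's module directory
# /usr/lib/x86_64-linux-gnu/libvirt/connection-driver, the module file name
# libvirt_driver_network.so, and the daemon names libvirtd / virtnetworkd.

# Directory holding the dlopen'd connection drivers; overridable so the
# same checks can be run against any tree (or a test copy).
LIBVIRT_DRIVER_DIR="${LIBVIRT_DRIVER_DIR:-/usr/lib/x86_64-linux-gnu/libvirt/connection-driver}"

# Print the driver modules found in $1, one per line, without the .so suffix.
# Returns 1 when the directory does not exist.
list_driver_modules() {
    dir="$1"
    [ -d "$dir" ] || return 1
    for f in "$dir"/libvirt_driver_*.so; do
        [ -e "$f" ] || continue        # unexpanded glob when no modules exist
        name="${f##*/}"
        printf '%s\n' "${name%.so}"
    done
}

# Succeed (exit 0) only when the virtual-network driver module is in $1.
network_driver_present() {
    [ -e "$1/libvirt_driver_network.so" ]
}

# Classify the host from a list of running process names ($1, as printed by
# `ps -eo comm=`, newline or space separated) and the module directory ($2).
# Prints exactly one label:
#   monolithic-loaded   libvirtd runs and the network module exists, so the
#                       driver is dlopen'd at startup and dnsmasq is checked
#   monolithic-skipped  libvirtd runs but the module is absent: dlopen skipped
#   modular-running     virtnetworkd is up (a guest or network is using it)
#   inactive            neither daemon has the network driver active
classify_network_exposure() {
    procs=" $(printf '%s' "$1" | tr '\n' ' ') "
    dir="$2"
    case "$procs" in
        *" libvirtd "*)
            if network_driver_present "$dir"; then
                echo "monolithic-loaded"
            else
                echo "monolithic-skipped"
            fi
            ;;
        *" virtnetworkd "*)
            echo "modular-running"
            ;;
        *)
            echo "inactive"
            ;;
    esac
}

# Stand-alone report for the current host (never fails, so it is safe to
# source this file as well as run it).
echo "driver modules in $LIBVIRT_DRIVER_DIR:"
list_driver_modules "$LIBVIRT_DRIVER_DIR" || echo "  (directory not found)"
echo "network driver state: $(classify_network_exposure "$(ps -eo comm= 2>/dev/null || true)" "$LIBVIRT_DRIVER_DIR")"
```

Run it as root or any user that can read the driver directory; `monolithic-loaded` is the state the thread describes, where the monolithic libvirtd dlopens the network driver at startup and that driver then looks for dnsmasq. On a modular install the interesting signal is whether `virtnetworkd` ever appears in the process list after your own bridge setup is in place.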