[Qemu-devel] Re: [PATCH 0/4] net-bridge: rootless bridge support for qemu

From: Dustin Kirkland
Subject: [Qemu-devel] Re: [PATCH 0/4] net-bridge: rootless bridge support for qemu
Date: Wed, 04 Nov 2009 16:40:42 -0600

On Tue, 2009-11-03 at 18:28 -0600, Anthony Liguori wrote:
> This series solves a problem that I've been struggling with for a few years
> now.
> One of the best things about qemu is that it's possible to run guests as an
> unprivileged user to improve security. However, if you want to have your
> guests communicate with the outside world, you're pretty much forced to run
> qemu as root.
>
> At least with KVM support, this is probably the most common use case which
> means that most of our users are running qemu as root. That's terrible.
Ack.
> We address this problem by introducing a new network backend: -net bridge.
> This backend is less flexible than -net tap because it relies on a helper
> with elevated privileges to do the heavy lifting of allocating and attaching
> a tap device to a bridge. We use a special purpose helper because we don't
> want to elevate the privileges of more generic tools like brctl.
>
> From a user perspective, to use bridged networking with a guest, you simply use:
>
> qemu -hda linux.img -net bridge -net nic
I know that this patch is less than a day old and untested, but would it
be reasonable to make this the "default" network configuration at some
point in the future? This certainly seems to be what I want 99% of the
time when I launch qemu or kvm by hand from the command line.
> And assuming a bridge is defined named qemubr0 and the administrator has set
> up permissions accordingly, it will Just Work. My hope is that distributions
> will do this work as part of the qemu packaging process such that for most
> users, the out-of-the-box experience will also Just Work.
Also, ack. I'll handle the Ubuntu packaging to enable this support in
Lucid by the time qemu-0.12-rc1 is available. As Alexander mentions,
there's a bit more complexity we'll need to account for (wifi, network
manager, multiple NICs).
:-Dustin
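
The quoted cover letter says a privileged helper allocates the tap device for an unprivileged qemu, but not how the device gets back to the caller. The following is an added example, not code from the patch series or from either poster: it assumes the handoff is done by passing the open descriptor over a Unix socket with SCM_RIGHTS, uses hypothetical function names, and substitutes a pipe for the tap device so it runs without privileges.

```c
/* Added example, not QEMU code. All names here are hypothetical. */
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

typedef union { struct cmsghdr align; char buf[CMSG_SPACE(sizeof(int))]; } fdbuf;

/* Helper side: pass one open descriptor (the tap device, in the real case). */
int send_fd(int sock, int fd) {
    char byte = 0;
    fdbuf u = { .buf = {0} };
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = u.buf, .msg_controllen = sizeof(u.buf) };
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET;
    c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(c), &fd, sizeof(int));
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* Caller side: accept exactly one descriptor and reject anything else. */
int recv_fd(int sock) {
    char byte;
    int fd;
    fdbuf u;
    struct cmsghdr *c;
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = u.buf, .msg_controllen = sizeof(u.buf) };
    if (recvmsg(sock, &msg, 0) != 1 || (msg.msg_flags & MSG_CTRUNC) ||
        !(c = CMSG_FIRSTHDR(&msg)) || c->cmsg_level != SOL_SOCKET ||
        c->cmsg_type != SCM_RIGHTS || c->cmsg_len != CMSG_LEN(sizeof(int)))
        return -1;
    memcpy(&fd, CMSG_DATA(c), sizeof(int));
    return fd;
}

/* Constructed demo: a pipe stands in for the tap, so no privileges are needed. */
int handoff_demo(void) {
    int sv[2], p[2], got = -1;
    char out = 0;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) || pipe(p) ||
        send_fd(sv[0], p[1]) || (got = recv_fd(sv[1])) < 0)
        return -1;
    close(p[1]); /* sender drops its copy; the passed one must still work */
    return (write(got, "T", 1) == 1 && read(p[0], &out, 1) == 1 && out == 'T') ? 0 : -1;
}
```

With this pattern only the small helper needs elevated privileges; the receiving process ends up holding a single already-configured descriptor and nothing else.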