[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH 0/4] net-bridge: rootless bridge support for qem
From: |
Avi Kivity |
Subject: |
Re: [Qemu-devel] [PATCH 0/4] net-bridge: rootless bridge support for qemu |
Date: |
Thu, 05 Nov 2009 16:33:43 +0200 |
User-agent: |
Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.4pre) Gecko/20091014 Fedora/3.0-2.8.b4.fc11 Thunderbird/3.0b4 |
On 11/04/2009 02:28 AM, Anthony Liguori wrote:
This series solves a problem that I've been struggling with for a few years now.
One of the best things about qemu is that it's possible to run guests as an
unprivileged user to improve security. However, if you want to have your guests
communicate with the outside world, you're pretty much forced to run qemu as
root.
Only is you run an unmanaged system.
At least with KVM support, this is probably the most common use case which means
that most of our users are running qemu as root. That's terrible.
Most of our users run managed systems.
We address this problem by introducing a new network backend: -net bridge. This
backend is less flexible than -net tap because it relies on a helper with
elevated privileges to do the heavy lifting of allocating and attaching a tap
device to a bridge. We use a special purpose helper because we don't want
to elevate the privileges of more generic tools like brctl.
But you're essentially allowing any user to send packets through the
physical interface. Including, say, nobody (who's just broken in
through an unrelated service).
From a user perspective, to use bridged networking with a guest, you simply
use:
qemu -hda linux.img -net bridge -net nic
And assuming a bridge is defined named qemubr0 and the administrator has setup
permissions accordingly, it will Just Work. My hope is that distributions will
do this work as part of the qemu packaging process such that for most users,
the out-of-the-box experience will also Just Work.
For most distributions, the ootb experience is already much better than
running qemu on the command line. I'm not sure who we're optimizing for
here, and concerned that we're loosening security for qemu non-users.
--
error compiling committee.c: too many arguments to function
- [Qemu-devel] Re: [PATCH 0/4] net-bridge: rootless bridge support for qemu, (continued)
Re: [Qemu-devel] [PATCH 0/4] net-bridge: rootless bridge support for qemu, Anthony Liguori, 2009/11/05
Re: [Qemu-devel] [PATCH 0/4] net-bridge: rootless bridge support for qemu,
Avi Kivity <=
- Re: [Qemu-devel] [PATCH 0/4] net-bridge: rootless bridge support for qemu, Avi Kivity, 2009/11/05
- Re: [Qemu-devel] [PATCH 0/4] net-bridge: rootless bridge support for qemu, Daniel P. Berrange, 2009/11/05
- Re: [Qemu-devel] [PATCH 0/4] net-bridge: rootless bridge support for qemu, Anthony Liguori, 2009/11/05
- Re: [Qemu-devel] [PATCH 0/4] net-bridge: rootless bridge support for qemu, Jamie Lokier, 2009/11/05
- Re: [Qemu-devel] [PATCH 0/4] net-bridge: rootless bridge support for qemu, Daniel P. Berrange, 2009/11/05
- Re: [Qemu-devel] [PATCH 0/4] net-bridge: rootless bridge support for qemu, Jamie Lokier, 2009/11/05
Re: [Qemu-devel] [PATCH 0/4] net-bridge: rootless bridge support for qemu, Anthony Liguori, 2009/11/05
Re: [Qemu-devel] [PATCH 0/4] net-bridge: rootless bridge support for qemu, Avi Kivity, 2009/11/05
Re: [Qemu-devel] [PATCH 0/4] net-bridge: rootless bridge support for qemu, Anthony Liguori, 2009/11/05
Re: [Qemu-devel] [PATCH 0/4] net-bridge: rootless bridge support for qemu, Avi Kivity, 2009/11/05