|
From: | Anthony Liguori |
Subject: | Re: [Qemu-devel] [PATCH 0/4] net-bridge: rootless bridge support for qemu |
Date: | Sat, 07 Nov 2009 08:07:15 -0600 |
User-agent: | Thunderbird 2.0.0.23 (X11/20090825) |
Avi Kivity wrote:
On 11/07/2009 11:14 AM, Avi Kivity wrote:I'd welcome -net bridge as one of them. But we shouldn't try to invent access control systems or install suid helpers.We can make the helper a script that does exec sudo /the/real/helper "$@"so a user can add it to /etc/sudoers and get pre-authenticated configuration.
The key point of the helper here is that you pass an fd to a socketpair and you then receive an fd over that socket. What the helper does is really less important. Whether it's a script like you suggest or something like I proposed doesn't matter from a qemu perspective.
Whether the qemu-bridge-helper should live in qemu or somewhere else is a valid thing to discuss. In my next posting, I'll have things restructured to separate out the two so that they two series can be considered independently.
Regards, Anthony Liguori
[Prev in Thread] | Current Thread | [Next in Thread] |