[Qemu-devel] [PATCH 0/4] -net tap: rootless bridge support for qemu

[Richa Marwaha]

With qemu it possible to run guest with unprivileged user but if
we wanted to communicate with the outside world we had to switch
to root.

We address this problem by introducing a new network option.This
option is less flexible as compare to other -net tap options because
it relies on a helper with elevated privileges to do the heavy lifting
of allocating and attaching a tap device to a bridge.  We use a special
purpose helper because we don't want to elevate the privileges of more
generic tools like brctl.

Qemu can be run with the default network helper as follows (in
this case attaching the tap device to the default qemubr0 bridge):

     qemu -hda linux.img -net tap,helper=/usr/local/libexec/qemu-bridge-helper 
-net nic

We're not overly thrilled with having to spell out the helper file name,
however we didn't want to regress any current behavior of -net tap.
Additionally, we feel that this support makes sense in the -net tap backend.
Any suggestions to improve on this are more than welcome.

The default helper uses it's own ACL mechanism for access control,but
future network helpers could be developed, for example, to support PolicyKit
for access control.

More details are included in individual patches.The helper is broken into
a series of patches to improve reviewabilty.

Richa Marwaha (4):
  Add basic version of bridge helper
  Add access control support to qemu-bridge-helper
  Add cap reduction support to enable use as SUID
  Add support for bridge

 Makefile             |   12 ++-
 configure            |   37 +++++
 net.c                |    8 +
 net.h                |    2 +
 net/tap.c            |  150 ++++++++++++++++++-
 qemu-bridge-helper.c |  402 ++++++++++++++++++++++++++++++++++++++++++++++++++
 qemu-options.hx      |   48 +++++--
 7 files changed, 637 insertions(+), 22 deletions(-)
 create mode 100644 qemu-bridge-helper.c