Anthony Liguori wrote:
At least with KVM support, this is probably the most common use case
which means that most of our users are running qemu as root. That's
terrible.
I've been using KVM for a year or so with bridged networking,
without needing to run it as root.
So there's obviously been some bad advice floating around :-)
What I do is have tun interfaces owned by the user...
We address this problem by introducing a new network backend: -net bridge. This
backend is less flexible than -net tap because it relies on a helper with
elevated privileges to do the heavy lifting of allocating and attaching a tap
device to a bridge. We use a special purpose helper because we don't want
to elevate the privileges of more generic tools like brctl.
I think it's a great idea.
It would be even more useful if the "bridge setup" and "bridge
teardown" helper commands could be specified as qemu options, and
eventually as config file entries, in the same way as script= and
downscript= are already.
That way it would be useful for all sorts of network configurations
where a user-allocatable tap+bridge interface is needed.
You can do it now by wrapping _around_ qemu using the -net tap,fd=N
option, but calling a helper to get assigned a tap interface is much neater.
By the way, would it make sense for the helper to return an open file
descriptor rather than an interface name, just like -net tap,fd=N
uses? Or does qemu need to access the interface by name anyway?
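The "wrap around qemu with -net tap,fd=N" approach mentioned above, as an added example that is not part of this thread or of QEMU itself: it assumes a persistent tap device (here tap0) that root has already created, chowned to the unprivileged user and attached to the bridge, so the wrapper only has to attach to it and hand the descriptor to qemu.

```python
import fcntl
import os
import struct
import sys

# ioctl and flag values from <linux/if_tun.h> and <linux/if.h> (Linux x86/x86_64)
TUNSETIFF = 0x400454CA
IFF_TAP = 0x0002
IFF_NO_PI = 0x1000
IFNAMSIZ = 16


def pack_ifreq(ifname, flags):
    """Build the 40-byte struct ifreq TUNSETIFF expects: ifr_name[16] + short ifr_flags."""
    name = ifname.encode()
    if not name or len(name) >= IFNAMSIZ:
        raise ValueError("interface name must be 1..15 bytes")
    return struct.pack("%dsH22x" % IFNAMSIZ, name, flags)


def open_tap(ifname):
    """Attach to an existing persistent tap owned by this user; no root required.
    Returns an inheritable fd that qemu can use directly through -net tap,fd=N."""
    fd = os.open("/dev/net/tun", os.O_RDWR)
    fcntl.ioctl(fd, TUNSETIFF, pack_ifreq(ifname, IFF_TAP | IFF_NO_PI))
    # Python opens files O_CLOEXEC; qemu must inherit this fd across the exec.
    os.set_inheritable(fd, True)
    return fd


def build_qemu_argv(fd, extra_args):
    """Compose the qemu command line, passing the fd instead of ifname=/script=."""
    return ["qemu", "-net", "nic", "-net", "tap,fd=%d" % fd] + list(extra_args)


def main(argv):
    # Usage (assumed wrapper name): wrap-qemu.py <tap-name> [qemu args...]
    if len(argv) < 2:
        sys.exit("usage: wrap-qemu.py <tap-name> [qemu args...]")
    fd = open_tap(argv[1])
    os.execvp("qemu", build_qemu_argv(fd, argv[2:]))


if __name__ == "__main__":
    main(sys.argv)
```

Because the tap is pre-created and owned by the user, the only privileged step (creating the tap and adding it to the bridge) happens once, outside qemu's process.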