[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] Re: [PATCH 0/4] net-bridge: rootless bridge support for qem

From: Mark McLoughlin
Subject: [Qemu-devel] Re: [PATCH 0/4] net-bridge: rootless bridge support for qemu
Date: Thu, 05 Nov 2009 10:00:05 -0500

On Tue, 2009-11-03 at 18:28 -0600, Anthony Liguori wrote:
> We address this problem by introducing a new network backend: -net bridge.  
> This
> backend is less flexible than -net tap because it relies on a helper with
> elevated privileges to do the heavy lifting of allocating and attaching a tap
> device to a bridge.  We use a special purpose helper because we don't want
> to elevate the privileges of more generic tools like brctl.

Just had a quick look through so far, but I like it.

I think it would make sense to move Fedora and libvirt to using this,
even for the system libvirtd.

Agree with danpb that we should hook in PolicyKit for the authorization
checking. It'd be nice to setup the PolicyKit auth on a per-bridge
basis, but we could try and figure that out later. A global auth would
be enough to begin with, falling back to the ACL files.

Also, I think the vnet_hdr and sndbuf arguments are valid for -net
bridge too


reply via email to

[Prev in Thread] Current Thread [Next in Thread]