From: | Avi Kivity |
Subject: | Re: [Qemu-devel] [PATCH 4/4] Add support for -net bridge |
Date: | Sun, 08 Nov 2009 10:55:03 +0200 |
User-agent: | Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.4pre) Gecko/20091014 Fedora/3.0-2.8.b4.fc11 Thunderbird/3.0b4 |
On 11/08/2009 10:43 AM, Arnd Bergmann wrote:
btw, shouldn't we, in the general case, create a bridge per user and use IP NAT? If we have a global bridge, users can spoof each other's MAC addresses and interfere with their virtual machines. They can also interfere with the real network. That's not a concern with most one-user-per-machine configurations, but the default configuration should be safe.

It also depends a lot on what you want to do with the virtual machine. If you want to run a game or a legacy application in a different operating system on your desktop, a NATed bridge is ideal, but it does not work on a server if the guest wants to listen on a socket with its own IP address.
Yes. It also depends on what the system administrator wants you to be able to do. On desktop machines you are usually the system administrator so there is no problem. But we should beware of making it easy to subvert security.
There is also the problem of accidental MAC overlap - qemu uses the same MAC address for all virtual machines unless overridden, so if two users create a virtual machine without specifying MAC addresses they will trample each other. A single user could also have trouble launching two guests; that's not a security problem, but will lead to a lot of annoyance and false bug reports ("networking dies as soon as I launch a second guest").
--
error compiling committee.c: too many arguments to function