qemu_conf: add new configuration key bridge_helper

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

diff --git a/src/qemu/libvirtd_qemu.aug b/src/qemu/libvirtd_qemu.aug
index 91f5f772a7d176afcea91430e8b9af90d3e6eff0..61740a914669f5329908a5c8fb69c90792637590 100644 (file)
--- a/src/qemu/libvirtd_qemu.aug
+++ b/src/qemu/libvirtd_qemu.aug
@@ -60,6 +60,7 @@ module Libvirtd_qemu =
 
    let process_entry = str_entry "hugetlbfs_mount"
                  | bool_entry "clear_emulator_capabilities"
+                 | str_entry "bridge_helper"
                  | bool_entry "set_process_name"
                  | int_entry "max_processes"
                  | int_entry "max_files"

diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index dd853c82966104bdc07dbc0548b73ce188991a2a..87bdf70d8dd07688938b77806e5ed20207b1b679 100644 (file)
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -301,6 +301,14 @@
 #hugetlbfs_mount = "/dev/hugepages"
 
 
+# Path to the setuid helper for creating tap devices.  This executable
+# is used to create <source type='bridge'> interfaces when libvirtd is
+# running unprivileged.  libvirt invokes the helper directly, instead
+# of using "-netdev bridge", for security reasons.
+#bridge_helper = "/usr/libexec/qemu-bridge-helper"
+
+
+
 # If clear_emulator_capabilities is enabled, libvirt will drop all
 # privileged capabilities of the QEmu/KVM emulator. This is enabled by
 # default.

diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index 06bc4d3e1ebcd6f24b93c5df0a31e5750ce96e48..e9a3407ea10fdc4f649a7c78bc43be070ad63123 100644 (file)
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -241,6 +241,7 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool privileged)
         }
     }
 #endif
+    cfg->bridgeHelperName = strdup("/usr/libexec/qemu-bridge-helper");
 
     cfg->clearEmulatorCapabilities = true;
 
@@ -290,6 +291,7 @@ static void virQEMUDriverConfigDispose(void *obj)
 
     VIR_FREE(cfg->hugetlbfsMount);
     VIR_FREE(cfg->hugepagePath);
+    VIR_FREE(cfg->bridgeHelperName);
 
     VIR_FREE(cfg->saveImageFormat);
     VIR_FREE(cfg->dumpImageFormat);
@@ -497,6 +499,7 @@ int virQEMUDriverConfigLoadFile(virQEMUDriverConfigPtr cfg,
     GET_VALUE_BOOL("auto_start_bypass_cache", cfg->autoStartBypassCache);
 
     GET_VALUE_STR("hugetlbfs_mount", cfg->hugetlbfsMount);
+    GET_VALUE_STR("bridge_helper", cfg->bridgeHelperName);
 
     GET_VALUE_BOOL("mac_filter", cfg->macFilter);
 

diff --git a/src/qemu/qemu_conf.h b/src/qemu/qemu_conf.h
index bac9bf73d0b786075b3be0e3ec3803f683bd9dda..77d3d2f34936a173588d47c680849c36f67511e1 100644 (file)
--- a/src/qemu/qemu_conf.h
+++ b/src/qemu/qemu_conf.h
@@ -116,6 +116,7 @@ struct _virQEMUDriverConfig {
 
     char *hugetlbfsMount;
     char *hugepagePath;
+    char *bridgeHelperName;
 
     bool macFilter;
 

diff --git a/src/qemu/test_libvirtd_qemu.aug.in b/src/qemu/test_libvirtd_qemu.aug.in
index 289220457c71fc81bda6beeba3f5cb0be622f202..0aec9977debfd544c9e349d70baff717867e5e12 100644 (file)
--- a/src/qemu/test_libvirtd_qemu.aug.in
+++ b/src/qemu/test_libvirtd_qemu.aug.in
@@ -49,6 +49,7 @@ module Test_libvirtd_qemu =
 { "auto_dump_bypass_cache" = "0" }
 { "auto_start_bypass_cache" = "0" }
 { "hugetlbfs_mount" = "/dev/hugepages" }
+{ "bridge_helper" = "/usr/libexec/qemu-bridge-helper" }
 { "clear_emulator_capabilities" = "1" }
 { "set_process_name" = "1" }
 { "max_processes" = "0" }