Error out when custom tap device path makes no sense

It is only usable for NETWORK and BRIDGE type interfaces.
Error out when trying to start a domain where the custom
tap device path is specified for interfaces of other types,
or when the daemon is not privileged.

Note that this cannot be checked at definition time, because
the comparison is against actual type.

https://bugzilla.redhat.com/show_bug.cgi?id=1147195

diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index 18e472220e01f05065adeb436338f550d8f9aead..679194f4cc3feba649ce5466703a6ceecf9504ee 100644 (file)
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -4144,8 +4144,9 @@ qemu-kvm -net nic,model=? /dev/null
       For tuning the backend of the network, the <code>backend</code> element
       can be used. The <code>vhost</code> attribute can override the default vhost
       device path (<code>/dev/vhost-net</code>) for devices with <code>virtio</code> model.
-      Supported attributes are <code>tap</code> and <code>vhost</code>,
-      allowing to override the default devices for creating tap and vhost devices.
+      The <code>tap</code> attribute overrides the tun/tap device path (default:
+      <code>/dev/net/tun</code>) for network and bridge interfaces. This does not work
+      in session mode.
     </p>
     <h5><a name="elementsNICSTargetOverride">Overriding the target element</a></h5>
 

diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 3b6eddcd5c7da1a64eb4ebcaf727ecc1f209cc1f..06a59d015f1e3bd3d6bc21eea9b492e7578a3c8f 100644 (file)
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -299,8 +299,14 @@ qemuNetworkIfaceConnect(virDomainDefPtr def,
     virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
     const char *tunpath = "/dev/net/tun";
 
-    if (net->backend.tap)
+    if (net->backend.tap) {
         tunpath = net->backend.tap;
+        if (!cfg->privileged) {
+            virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                           _("cannot use custom tap device in session mode"));
+            goto cleanup;
+        }
+    }
 
     if (!(brname = virDomainNetGetActualBridgeName(net))) {
         virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("Missing bridge name"));
@@ -7721,6 +7727,15 @@ qemuBuildInterfaceCommandLine(virCommandPtr cmd,
         return -1;
     }
 
+    if (net->backend.tap &&
+        !(actualType == VIR_DOMAIN_NET_TYPE_NETWORK ||
+          actualType == VIR_DOMAIN_NET_TYPE_BRIDGE)) {
+        virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+                       _("Custom tap device path is not supported for: %s"),
+                       virDomainNetTypeToString(actualType));
+        return -1;
+    }
+
     if (actualType == VIR_DOMAIN_NET_TYPE_NETWORK ||
         actualType == VIR_DOMAIN_NET_TYPE_BRIDGE) {
         tapfdSize = net->driver.virtio.queues;