xenbits.xensource.com Git - libvirt.git/commit

author	Paolo Bonzini <pbonzini@redhat.com>
	Sat, 20 Apr 2013 09:11:25 +0000 (11:11 +0200)
committer	Eric Blake <eblake@redhat.com>
	Fri, 26 Apr 2013 21:37:51 +0000 (15:37 -0600)
commit	2d80fbb14dffa45fe3fcd2c3f29ce54857bb766c
tree	e848193d5f6de58366b1914e477408dc3a83c251	tree
parent	740d98a17d0505d0be6cbf8385af8896a2455eca	commit \| diff

qemu: launch bridge helper from libvirtd

<source type='bridge'> uses a helper application to do the necessary
TUN/TAP setup to use an existing network bridge, thus letting
unprivileged users use TUN/TAP interfaces.

However, libvirt should be preventing QEMU from running any setuid
programs at all, which would include this helper program. From
a security POV, any setuid helper needs to be run by libvirtd itself,
not QEMU.

This is what this patch does. libvirt now invokes the setuid helper,
gets the TAP fd and then passes it to QEMU in the normal manner.
The path to the helper is specified in qemu.conf.

As a small advantage, this adds a <target dev='tap0'/> element to the
XML of an active domain using <interface type='bridge'>.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

src/qemu/qemu_command.c		diff \| blob \| blame \| history
src/qemu/qemu_command.h		diff \| blob \| blame \| history
src/qemu/qemu_hotplug.c		diff \| blob \| blame \| history