From 78d7c3c569b1f56e668a031a5c2a86a79cc326ad Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Mon, 25 Mar 2013 15:25:30 +0100 Subject: [PATCH] qemu_conf: add new configuration key bridge_helper Signed-off-by: Paolo Bonzini --- src/qemu/libvirtd_qemu.aug | 1 + src/qemu/qemu.conf | 8 ++++++++ src/qemu/qemu_conf.c | 3 +++ src/qemu/qemu_conf.h | 1 + src/qemu/test_libvirtd_qemu.aug.in | 1 + 5 files changed, 14 insertions(+) diff --git a/src/qemu/libvirtd_qemu.aug b/src/qemu/libvirtd_qemu.aug index 91f5f772a7..61740a9146 100644 --- a/src/qemu/libvirtd_qemu.aug +++ b/src/qemu/libvirtd_qemu.aug @@ -60,6 +60,7 @@ module Libvirtd_qemu = let process_entry = str_entry "hugetlbfs_mount" | bool_entry "clear_emulator_capabilities" + | str_entry "bridge_helper" | bool_entry "set_process_name" | int_entry "max_processes" | int_entry "max_files" diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf index dd853c8296..87bdf70d8d 100644 --- a/src/qemu/qemu.conf +++ b/src/qemu/qemu.conf @@ -301,6 +301,14 @@ #hugetlbfs_mount = "/dev/hugepages" +# Path to the setuid helper for creating tap devices. This executable +# is used to create interfaces when libvirtd is +# running unprivileged. libvirt invokes the helper directly, instead +# of using "-netdev bridge", for security reasons. +#bridge_helper = "/usr/libexec/qemu-bridge-helper" + + + # If clear_emulator_capabilities is enabled, libvirt will drop all # privileged capabilities of the QEmu/KVM emulator. This is enabled by # default. diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c index 06bc4d3e1e..e9a3407ea1 100644 --- a/src/qemu/qemu_conf.c +++ b/src/qemu/qemu_conf.c @@ -241,6 +241,7 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool privileged) } } #endif + cfg->bridgeHelperName = strdup("/usr/libexec/qemu-bridge-helper"); cfg->clearEmulatorCapabilities = true; 
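Review bot: The comment added above `#bridge_helper` in src/qemu/qemu.conf says the helper is invoked directly "for security reasons" but does not name the reason or say what the administrator must guarantee about the configured binary. Because this key selects a setuid executable, the text should state the constraints on the value, for example `# The path must be absolute and the file must not be writable by unprivileged users.` It would also help to say explicitly that the commented-out value shown is the built-in default.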
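Review bot: The `strdup()` result stored in `cfg->bridgeHelperName` in virQEMUDriverConfigNew is never checked, so an allocation failure leaves the default helper path NULL while the config object is still treated as valid. Whatever later runs the helper would then receive a NULL executable path; that consumer is not part of this patch, so confirm how it behaves. Add a check directly after the assignment, `if (!cfg->bridgeHelperName) goto error;`, where `error` stands for whichever out-of-memory label the function already has (its body continues outside the hunk). Separately, the literal hard-codes `/usr/libexec`; if the build has a libexec directory macro, using it would keep the default in step with the install prefix.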
@@ -290,6 +291,7 @@ static void virQEMUDriverConfigDispose(void *obj) VIR_FREE(cfg->hugetlbfsMount); VIR_FREE(cfg->hugepagePath); + VIR_FREE(cfg->bridgeHelperName); VIR_FREE(cfg->saveImageFormat); VIR_FREE(cfg->dumpImageFormat); @@ -497,6 +499,7 @@ int virQEMUDriverConfigLoadFile(virQEMUDriverConfigPtr cfg, GET_VALUE_BOOL("auto_start_bypass_cache", cfg->autoStartBypassCache); GET_VALUE_STR("hugetlbfs_mount", cfg->hugetlbfsMount); + GET_VALUE_STR("bridge_helper", cfg->bridgeHelperName); GET_VALUE_BOOL("mac_filter", cfg->macFilter); diff --git a/src/qemu/qemu_conf.h b/src/qemu/qemu_conf.h index bac9bf73d0..77d3d2f349 100644 --- a/src/qemu/qemu_conf.h +++ b/src/qemu/qemu_conf.h @@ -116,6 +116,7 @@ struct _virQEMUDriverConfig { char *hugetlbfsMount; char *hugepagePath; + char *bridgeHelperName; bool macFilter; diff --git a/src/qemu/test_libvirtd_qemu.aug.in b/src/qemu/test_libvirtd_qemu.aug.in index 289220457c..0aec9977de 100644 --- a/src/qemu/test_libvirtd_qemu.aug.in +++ b/src/qemu/test_libvirtd_qemu.aug.in @@ -49,6 +49,7 @@ module Test_libvirtd_qemu = { "auto_dump_bypass_cache" = "0" } { "auto_start_bypass_cache" = "0" } { "hugetlbfs_mount" = "/dev/hugepages" } +{ "bridge_helper" = "/usr/libexec/qemu-bridge-helper" } { "clear_emulator_capabilities" = "1" } { "set_process_name" = "1" } { "max_processes" = "0" }
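Review bot: The value read by `GET_VALUE_STR("bridge_helper", cfg->bridgeHelperName)` in virQEMUDriverConfigLoadFile is accepted without validation, although it names a setuid executable that libvirt will run. An empty string or a relative path would be resolved against the daemon's working directory or search path at exec time, so the loader should fail when `cfg->bridgeHelperName && cfg->bridgeHelperName[0] != '/'`, reporting a configuration error right after the macro. The macro definition and the function's error path are outside the hunk; confirm that the macro frees the default installed by virQEMUDriverConfigNew before overwriting it, otherwise that string leaks on every load that sets the key.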