From 8e724e9f3eab08ff1bef96ce1b3319558a86176b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
Date: Thu, 5 Feb 2015 13:40:11 +0100
Subject: [PATCH] Error out when custom tap device path makes no sense

It is only usable for NETWORK and BRIDGE type interfaces.
Error out when trying to start a domain where the custom
tap device path is specified for interfaces of other types,
or when the daemon is not privileged.

Note that this cannot be checked at definition time, because
the comparison is against actual type.

https://bugzilla.redhat.com/show_bug.cgi?id=1147195
---
 docs/formatdomain.html.in |  5 +++--
 src/qemu/qemu_command.c   | 17 ++++++++++++++++-
 2 files changed, 19 insertions(+), 3 deletions(-)

diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index 18e472220e..679194f4cc 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -4144,8 +4144,9 @@ qemu-kvm -net nic,model=? /dev/null
       For tuning the backend of the network, the <code>backend</code> element
       can be used. The <code>vhost</code> attribute can override the default vhost
       device path (<code>/dev/vhost-net</code>) for devices with <code>virtio</code> model.
-      Supported attributes are <code>tap</code> and <code>vhost</code>,
-      allowing to override the default devices for creating tap and vhost devices.
+      The <code>tap</code> attribute overrides the tun/tap device path (default:
+      <code>/dev/net/tun</code>) for network and bridge interfaces. This does not work
+      in session mode.
     </p>
     <h5><a name="elementsNICSTargetOverride">Overriding the target element</a></h5>
 
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 3b6eddcd5c..06a59d015f 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -299,8 +299,14 @@ qemuNetworkIfaceConnect(virDomainDefPtr def,
     virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
     const char *tunpath = "/dev/net/tun";
 
-    if (net->backend.tap)
+    if (net->backend.tap) {
         tunpath = net->backend.tap;
+        if (!cfg->privileged) {
+            virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                           _("cannot use custom tap device in session mode"));
+            goto cleanup;
+        }
+    }
 
     if (!(brname = virDomainNetGetActualBridgeName(net))) {
         virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("Missing bridge name"));
@@ -7721,6 +7727,15 @@ qemuBuildInterfaceCommandLine(virCommandPtr cmd,
         return -1;
     }
 
+    if (net->backend.tap &&
+        !(actualType == VIR_DOMAIN_NET_TYPE_NETWORK ||
+          actualType == VIR_DOMAIN_NET_TYPE_BRIDGE)) {
+        virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+                       _("Custom tap device path is not supported for: %s"),
+                       virDomainNetTypeToString(actualType));
+        return -1;
+    }
+
     if (actualType == VIR_DOMAIN_NET_TYPE_NETWORK ||
         actualType == VIR_DOMAIN_NET_TYPE_BRIDGE) {
         tapfdSize = net->driver.virtio.queues;