On Tue, 2009-11-03 at 18:28 -0600, Anthony Liguori wrote:
> This series solves a problem that I've been struggling with for a few years
> now. One of the best things about qemu is that it's possible to run guests
> as an unprivileged user to improve security. However, if you want to have
> your guests communicate with the outside world, you're pretty much forced
> to run qemu as root.
>
> At least with KVM support, this is probably the most common use case which
> means that most of our users are running qemu as root. That's terrible.

Ack.

> We address this problem by introducing a new network backend: -net bridge.
> This backend is less flexible than -net tap because it relies on a helper
> with elevated privileges to do the heavy lifting of allocating and attaching
> a tap device to a bridge. We use a special purpose helper because we don't
> want to elevate the privileges of more generic tools like brctl.
>
> From a user perspective, to use bridged networking with a guest, you simply
> use:
>
>   qemu -hda linux.img -net bridge -net nic

I know that this patch is less than a day old and untested, but would it
be reasonable to make this the "default" network configuration at some
point in the future? This certainly seems to be what I want 99% of the
time when I launch qemu or kvm by hand from the command line.

> And assuming a bridge is defined named qemubr0 and the administrator has set
> up permissions accordingly, it will Just Work. My hope is that distributions
> will do this work as part of the qemu packaging process such that for most
> users, the out-of-the-box experience will also Just Work.

Also, ack. I'll handle the Ubuntu packaging to enable this support in
Lucid by the time qemu-0.12-rc1 is available. As Alexander mentions,
there's a bit more complexity we'll need to account for (wifi, network
manager, multiple NICs).

:-Dustin