From: Corey Bryant <coreyb@linux.vnet.ibm.com>
To: Anthony Liguori <anthony@codemonkey.ws>
Cc: Anthony Liguori <aliguori@us.ibm.com>,
Richa Marwaha <rmarwah@linux.vnet.ibm.com>,
qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH 4/4] Add support for bridge
Date: Thu, 06 Oct 2011 14:24:52 -0400
Message-ID: <4E8DF274.9000502@linux.vnet.ibm.com>
In-Reply-To: <4E8DF141.4060007@codemonkey.ws>
On 10/06/2011 02:19 PM, Anthony Liguori wrote:
> On 10/06/2011 01:15 PM, Corey Bryant wrote:
>>
>>
>> On 10/06/2011 01:49 PM, Anthony Liguori wrote:
>>> On 10/06/2011 10:38 AM, Richa Marwaha wrote:
>>>> The most common use of -net tap is to connect a tap device to a
>>>> bridge. This
>>>> requires the use of a script and running qemu as root in order to
>>>> allocate a
>>>> tap device to pass to the script.
>>>>
>>>> This model is great for portability and flexibility but it's incredibly
>>>> difficult to eliminate the need to run qemu as root. The only really
>>>> viable
>>>> mechanism is to use tunctl to create a tap device, attach it to a
>>>> bridge as
>>>> root, and then hand that tap device to qemu. The problem with this
>>>> mechanism
>>>> is that it requires administrator intervention whenever a user wants
>>>> to create
>>>> a guest.
>>>>
>>>> By essentially writing a helper that implements the most common
>>>> qemu-ifup
>>>> script that can be safely given cap_net_admin, we can dramatically
>>>> simplify
>>>> things for non-privileged users. We still support existing -net tap
>>>> options
>>>> as a mechanism for advanced users and backwards compatibility.
>>>>
>>>> Currently, this is very Linux centric but there's really no reason
>>>> why it
>>>> couldn't be extended for other Unixes.
>>>>
>>>> The default bridge that we attach to is qemubr0. The thinking is that
>>>> a distro
>>>> could preconfigure such an interface to allow out-of-the-box bridged
>>>> networking.
>>>>
>>>> Alternatively, if a user wants to use a different bridge, they can say:
>>>>
>>>> qemu -hda linux.img -net tap,br=br0,helper=/usr/local/libexec/qemu-bridge-helper -net nic,model=virtio
>>>
>>>
>>> Wouldn't it be better to make the syntax:
>>>
>>> -net bridge[,br=BRIDGE][,helper=HELPER]
>>>
>>> And default BRIDGE to br0 and HELPER to
>>> ${prefix}/libexec/qemu-bridge-helper ?
>>>
>>> That gives distros a proper way to configure a default bridge making
>>> -net bridge Just Work for most people.
>>>
>>> Regards,
>>>
>>> Anthony Liguori
>>>
>>
>> Yes I think it would be much more usable under -net bridge. I really
>> wanted this
>> to work under -net tap (where fd and init are) but now we know there's
>> no good
>> way to default to the helper without spelling out the path.
>
> I'm certainly in favor of leaving helper as part of -net tap, but I
> think there should be a -net bridge in addition.
>
> Regards,
>
> Anthony Liguori
Ok, yes. The best of both worlds.
--
Regards,
Corey