From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([140.186.70.92]:36910)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <aliguori@us.ibm.com>) id 1RtMp7-0002JR-SK
	for qemu-devel@nongnu.org; Fri, 03 Feb 2012 12:21:31 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <aliguori@us.ibm.com>) id 1RtMp6-0001DH-Ez
	for qemu-devel@nongnu.org; Fri, 03 Feb 2012 12:21:21 -0500
Received: from e7.ny.us.ibm.com ([32.97.182.137]:33614)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <aliguori@us.ibm.com>) id 1RtMp6-0001D3-8N
	for qemu-devel@nongnu.org; Fri, 03 Feb 2012 12:21:20 -0500
Received: from /spool/local
	by e7.ny.us.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only!
	Violators will be prosecuted
	for <qemu-devel@nongnu.org> from <aliguori@us.ibm.com>;
	Fri, 3 Feb 2012 12:21:18 -0500
Received: from d01relay04.pok.ibm.com (d01relay04.pok.ibm.com [9.56.227.236])
	by d01dlp02.pok.ibm.com (Postfix) with ESMTP id 6AD296E8071
	for <qemu-devel@nongnu.org>; Fri,  3 Feb 2012 12:21:11 -0500 (EST)
Received: from d03av04.boulder.ibm.com (d03av04.boulder.ibm.com [9.17.195.170])
	by d01relay04.pok.ibm.com (8.13.8/8.13.8/NCO v10.0) with ESMTP id
	q13HLAoJ303406
	for <qemu-devel@nongnu.org>; Fri, 3 Feb 2012 12:21:10 -0500
Received: from d03av04.boulder.ibm.com (loopback [127.0.0.1])
	by d03av04.boulder.ibm.com (8.14.4/8.13.1/NCO v10.0 AVout) with ESMTP
	id q13HL6MJ032473
	for <qemu-devel@nongnu.org>; Fri, 3 Feb 2012 10:21:09 -0700
Message-ID: <4F2C177E.3070600@us.ibm.com>
Date: Fri, 03 Feb 2012 11:21:02 -0600
From: Anthony Liguori <aliguori@us.ibm.com>
MIME-Version: 1.0
References: <1327588947-4906-1-git-send-email-coreyb@linux.vnet.ibm.com>
In-Reply-To: <1327588947-4906-1-git-send-email-coreyb@linux.vnet.ibm.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] [PATCH v8 0/4] -net bridge: rootless bridge
 support for qemu
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Corey Bryant <coreyb@linux.vnet.ibm.com>
Cc: rmarwah@linux.vnet.ibm.com, qemu-devel@nongnu.org

On 01/26/2012 08:42 AM, Corey Bryant wrote:
> With qemu it is possible to run a guest from an unprivileged user but if
> we wanted to communicate with the outside world we had to switch
> to root.
>
> We address this problem by introducing a new network backend and a new
> network option for -net tap.  This is less flexible when compared to
> existing -net tap options because it relies on a helper with elevated
> privileges to do the heavy lifting of allocating and attaching a tap
> device to a bridge.  We use a special purpose helper because we don't
> want to elevate the privileges of more generic tools like brctl.
>
> Qemu can be run with the default network helper as follows (in these cases
> attaching the tap device to the default br0 bridge):
>
>    qemu linux.img -net bridge -net nic,model=virtio
>
>    qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper"
>                   -net nic,model=virtio
>
>    qemu linux.img -netdev bridge,id=hn0
>                   -device virtio-net-pci,netdev=hn0,id=nic1
>
>    qemu linux.img -netdev tap,"helper=/usr/local/libexec/qemu-bridge-helper",id=hn0
>                   -device virtio-net-pci,netdev=hn0,id=nic1
>
> The default helper uses it's own ACL mechanism for access control, but
> future network helpers could be developed, for example, to support PolicyKit
> for access control.
>
> More details are included in individual patches.  The helper is broken into
> a series of patches to improve reviewabilty.

Applied.  Thanks.

Regards,

Anthony Liguori

>
> v2:
>   - Updated signed-off-by's
>   - Updated author's email
>   - Set default bridge to br0
>   - Added -net bridge
>   - Updated ACL example
>   - Moved from libcap to libcap-ng
>   - Fail helper when libcap-ng not configured
>
> v3:
>   - Use simple queue to store ACLs
>   - Added goto cleanup to helper's main
>   - Allow helper execution if libcap-ng not configured
>   - Completed static analysis and memory analysis on helper
>
> v4:
>   - Update has_vnet_hdr() to return bool
>   - Update helper's main() to prevent errno clobbering
>   - Let Kernel cleanup helper's file descriptors
>
> v5:
>   - Removed if statement with TUNGETIFF ioctl() from has_vnet_hdr()
>   - Added -netdev examples and udpated qemu -help netdev documentation
>   - Disallow vnet_hdr option with -net tap,helper
>
> v6:
>   - Fixed uninitialized variable (TAPState *s) in net_tap_init()
>
> v7:
>   - Added options --br= and --fd= to default network helper
>   - Updated -netdev tap,helper= to accept a command
>   - Removed br option from -netdev tap
>
> v8:
>   - Rebased on top of commit 5b4448d27d7c6ff6e18a1edc8245cb1db783e37c
>   - Rebase required changes in configure script for libcap-ng config
>
> Corey Bryant (4):
>    Add basic version of bridge helper
>    Add access control support to qemu bridge helper
>    Add cap reduction support to enable use as SUID
>    Add support for net bridge
>
>   Makefile             |   12 ++-
>   configure            |   37 +++++
>   net.c                |   25 +++-
>   net.h                |    3 +
>   net/tap.c            |  204 ++++++++++++++++++++++++-
>   net/tap.h            |    3 +
>   qemu-bridge-helper.c |  410 ++++++++++++++++++++++++++++++++++++++++++++++++++
>   qemu-options.hx      |   73 ++++++++--
>   8 files changed, 748 insertions(+), 19 deletions(-)
>   create mode 100644 qemu-bridge-helper.c
>