From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([140.186.70.92]:46320) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1RLI3d-0007bd-IC for qemu-devel@nongnu.org; Tue, 01 Nov 2011 13:23:33 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1RLI3X-0008Bo-NN for qemu-devel@nongnu.org; Tue, 01 Nov 2011 13:23:29 -0400 Received: from e8.ny.us.ibm.com ([32.97.182.138]:54611) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1RLI3X-0008Bf-IF for qemu-devel@nongnu.org; Tue, 01 Nov 2011 13:23:23 -0400 Received: from /spool/local by e8.ny.us.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Tue, 1 Nov 2011 13:14:36 -0400 Received: from d01av01.pok.ibm.com (d01av01.pok.ibm.com [9.56.224.215]) by d01relay03.pok.ibm.com (8.13.8/8.13.8/NCO v10.0) with ESMTP id pA1HE1dk128600 for ; Tue, 1 Nov 2011 13:14:01 -0400 Received: from d01av01.pok.ibm.com (loopback [127.0.0.1]) by d01av01.pok.ibm.com (8.14.4/8.13.1/NCO v10.0 AVout) with ESMTP id pA1HDxWD029464 for ; Tue, 1 Nov 2011 13:14:00 -0400 From: Corey Bryant Date: Tue, 1 Nov 2011 13:13:54 -0400 Message-Id: <1320167638-8895-1-git-send-email-coreyb@linux.vnet.ibm.com> Subject: [Qemu-devel] [PATCH v4 0/4] -net bridge: rootless bridge support for qemu List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: qemu-devel@nongnu.org Cc: aliguori@us.ibm.com, rmarwah@linux.vnet.ibm.com With qemu it is possible to run a guest from an unprivileged user but if we wanted to communicate with the outside world we had to switch to root. We address this problem by introducing a new network backend and a new network option for -net tap. This is less flexible when compared to existing -net tap options because it relies on a helper with elevated privileges to do the heavy lifting of allocating and attaching a tap device to a bridge. We use a special purpose helper because we don't want to elevate the privileges of more generic tools like brctl. Qemu can be run with the default network helper as follows (in these cases attaching the tap device to the default br0 bridge): qemu -hda linux.img -net bridge -net nic or: qemu -hda linux.img -net tap,helper=/usr/local/libexec/qemu-bridge-helper -net nic The default helper uses it's own ACL mechanism for access control, but future network helpers could be developed, for example, to support PolicyKit for access control. More details are included in individual patches. The helper is broken into a series of patches to improve reviewabilty. v2: - Updated signed-off-by's - Updated author's email - Set default bridge to br0 - Added -net bridge - Updated ACL example - Moved from libcap to libcap-ng - Fail helper when libcap-ng not configured v3: - Use simple queue to store ACLs - Added goto cleanup to helper's main - Allow helper execution if libcap-ng not configured - Completed static analysis and memory analysis on helper v4: - Update has_vnet_hdr() to return bool - Update helper's main() to prevent errno clobbering - Let Kernel cleanup helper's file descriptors Corey Bryant (4): Add basic version of bridge helper Add access control support to qemu bridge helper Add cap reduction support to enable use as SUID Add support for net bridge Makefile | 12 ++- configure | 37 +++++ net.c | 29 ++++- net.h | 3 + net/tap.c | 190 ++++++++++++++++++++++- net/tap.h | 3 + qemu-bridge-helper.c | 407 ++++++++++++++++++++++++++++++++++++++++++++++++++ qemu-options.hx | 73 ++++++++-- 8 files changed, 731 insertions(+), 23 deletions(-) create mode 100644 qemu-bridge-helper.c -- 1.7.3.4