From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1N65HF-00074r-Rm for qemu-devel@nongnu.org; Thu, 05 Nov 2009 11:33:37 -0500 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1N65HA-0006x3-Nd for qemu-devel@nongnu.org; Thu, 05 Nov 2009 11:33:37 -0500 Received: from [199.232.76.173] (port=54110 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1N65HA-0006wn-Gp for qemu-devel@nongnu.org; Thu, 05 Nov 2009 11:33:32 -0500 Received: from mx1.redhat.com ([209.132.183.28]:6721) by monty-python.gnu.org with esmtp (Exim 4.60) (envelope-from ) id 1N65HA-0000zN-29 for qemu-devel@nongnu.org; Thu, 05 Nov 2009 11:33:32 -0500 Message-ID: <4AF2FE57.2080700@redhat.com> Date: Thu, 05 Nov 2009 18:33:27 +0200 From: Avi Kivity MIME-Version: 1.0 Subject: Re: [Qemu-devel] [PATCH 0/4] net-bridge: rootless bridge support for qemu References: <1257294485-27015-1-git-send-email-aliguori@us.ibm.com> <4AF2E247.3090409@redhat.com> <4AF2E7CE.8010506@us.ibm.com> <4AF2EB17.8090202@redhat.com> <4AF2F7E9.50300@us.ibm.com> <4AF2FA2A.4060500@redhat.com> <4AF2FC88.5030303@us.ibm.com> In-Reply-To: <4AF2FC88.5030303@us.ibm.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit List-Id: qemu-devel.nongnu.org List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Anthony Liguori Cc: Mark McLoughlin , Arnd Bergmann , Dustin Kirkland , Juan Quintela , qemu-devel@nongnu.org, Michael Tsirkin On 11/05/2009 06:25 PM, Anthony Liguori wrote: >> That's not the case today, even with virt-manager. > > > I'm not going to pick on any particular tool, but kvm absolutely has a > reputation of being difficult to use compared to other virtualization > software out there. Nothing else requires modifying configuration > files just to get a guest with bridged networking. The two management tools I'm familiar with (virt-manager and RHEV-M) don't need configuration files. It's true that virt-manager does NAT, not full bridging, but -net bridge doesn't fix that. >>> I think we absolutely have to think about the full stack and how all >>> the pieces interact. There are definitely problems in the stack >>> right now. Security is the one I'm trying to address in this >>> series. If you cannot launch a reasonable configured qemu from the >>> command line as an unprivileged user, there's really no hope that we >>> can expect a management tool to do that. >> >> I'm almost offended on Dan's behalf. > > We'll I guess it's about perspectives then. I don't see the fact that > libvirt runs qemu as root as a libvirt deficiency. I see it as a qemu > deficiency. I don't understand why. It's pretty easy to run qemu as non-root. >>> I suspect there isn't a management tool out there that does the >>> right thing today. >> > I suspected as much based on how strongly you were advocating this. You're a little too suspicious. RHEV-H has nothing to do with my opposition to -net bridge. > I think my point still stands though, there's an awful lot of > management software out there that gets it wrong. It's great that you > guys got it right but so far, the majority of users are not using qemu > through RHEV-M so I still think we have a problem. I'm worrying that we're transforming one problem into two different ones. Expanding the scope of qemu, and making it more difficult to use advanced networking functionality. -- error compiling committee.c: too many arguments to function