From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1N6hpe-0005mW-Fl for qemu-devel@nongnu.org; Sat, 07 Nov 2009 04:43:42 -0500 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1N6hpZ-0005m4-3U for qemu-devel@nongnu.org; Sat, 07 Nov 2009 04:43:41 -0500 Received: from [199.232.76.173] (port=43319 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1N6hpY-0005m1-UG for qemu-devel@nongnu.org; Sat, 07 Nov 2009 04:43:36 -0500 Received: from mx1.redhat.com ([209.132.183.28]:26557) by monty-python.gnu.org with esmtp (Exim 4.60) (envelope-from ) id 1N6hpY-0004Q6-Eb for qemu-devel@nongnu.org; Sat, 07 Nov 2009 04:43:36 -0500 Message-ID: <4AF5413F.3020301@redhat.com> Date: Sat, 07 Nov 2009 11:43:27 +0200 From: Avi Kivity MIME-Version: 1.0 Subject: Re: [Qemu-devel] [PATCH 0/4] net-bridge: rootless bridge support for qemu References: <1257294485-27015-1-git-send-email-aliguori@us.ibm.com> <20091105163702.GC21630@shareable.org> <4AF30129.7080203@us.ibm.com> <200911051820.48878.arnd@arndb.de> <4AF3154F.8090901@redhat.com> <4AF32E78.1040103@us.ibm.com> <4AF3CED1.7080207@redhat.com> <4AF43064.9080007@us.ibm.com> <4AF53A6E.6050304@redhat.com> In-Reply-To: <4AF53A6E.6050304@redhat.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit List-Id: qemu-devel.nongnu.org List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Anthony Liguori Cc: Mark McLoughlin , Arnd Bergmann , Arnd Bergmann , Juan Quintela , Dustin Kirkland , qemu-devel@nongnu.org, Michael Tsirkin On 11/07/2009 11:14 AM, Avi Kivity wrote: > I'd welcome -net bridge as one of them. But we shouldn't try to > invent access control systems or install suid helpers. We can make the helper a script that does exec sudo /the/real/helper "$@" so a user can add it to /etc/sudoers and get pre-authenticated configuration. -- Do not meddle in the internals of kernels, for they are subtle and quick to panic.