From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1N6tVk-0000oP-Fg
	for qemu-devel@nongnu.org; Sat, 07 Nov 2009 17:11:56 -0500
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1N6tVf-0000np-5A
	for qemu-devel@nongnu.org; Sat, 07 Nov 2009 17:11:55 -0500
Received: from [199.232.76.173] (port=45251 helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1N6tVe-0000nm-Vl
	for qemu-devel@nongnu.org; Sat, 07 Nov 2009 17:11:51 -0500
Received: from mail-yx0-f188.google.com ([209.85.210.188]:33434)
	by monty-python.gnu.org with esmtp (Exim 4.60)
	(envelope-from <anthony@codemonkey.ws>) id 1N6tVe-00087l-Ls
	for qemu-devel@nongnu.org; Sat, 07 Nov 2009 17:11:50 -0500
Received: by yxe26 with SMTP id 26so1754215yxe.4
	for <qemu-devel@nongnu.org>; Sat, 07 Nov 2009 14:11:49 -0800 (PST)
Message-ID: <4AF5F0A2.8050309@codemonkey.ws>
Date: Sat, 07 Nov 2009 16:11:46 -0600
From: Anthony Liguori <anthony@codemonkey.ws>
MIME-Version: 1.0
Subject: Re: [Qemu-devel] [PATCH 4/4] Add support for -net bridge
References: <1257294485-27015-1-git-send-email-aliguori@us.ibm.com>	<1257294485-27015-5-git-send-email-aliguori@us.ibm.com>
	<1257614967.30774.424.camel@macbook.infradead.org>
In-Reply-To: <1257614967.30774.424.camel@macbook.infradead.org>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: David Woodhouse <dwmw2@infradead.org>
Cc: Mark McLoughlin <markmc@redhat.com>, Anthony Liguori <aliguori@us.ibm.com>, Arnd Bergmann <arndbergmann@googlemail.com>, Dustin Kirkland <kirkland@canonical.com>, Michael Tsirkin <mst@redhat.com>, Juan Quintela <quintela@redhat.com>, qemu-devel@nongnu.org

David Woodhouse wrote:
> On Tue, 2009-11-03 at 18:28 -0600, Anthony Liguori wrote:
>   
>> The most common use of -net tap is to connect a tap device to a bridge.  This
>> requires the use of a script and running qemu as root in order to allocate a
>> tap device to pass to the script. 
>>     
>
> Does it?
>
> Tap devices can be created (and configured) in advance, and can be
> chowned so that they can be opened by an otherwise unprivileged user (or
> group).

But that requires prior administrative access.

>  You don't need root privileges to use a tap device.
>   

You can access a preconfigured tap device but you cannot allocate a tap 
device and connect it to a bridge without CAP_NET_ADMIN.

Regards,

Anthony Liguori