Ken Moffat wrote:
On Tue, Dec 02, 2014 at 01:28:26PM -0600, Bruce Dubbs wrote:
Pierre Labastie wrote:

When using "-net tap" + bridging:
As said in the book, you can make the VM appear as a machine on the
local network, allowing two-way accesses. The only reason for not using
it, is that qemu, ip and brctl need to be setgid and as noted by the OP,
their capabilities have to be changed using setcap. Otherwise, running
qemu as root is possible too.

sgid isn't enough.  ip and brctl need to have root (or network
capabilities).  qemu will not run if it is suid.  I'll also note that the
root (or /usr) partition needs to have the acl,user_xattr options set to use
setcap.


  I was just searching for something else, and came across
http://wiki.qemu.org/Features-Done/HelperNetworking - not sure if
the 'Setup' section there [ /etc/qemu/bridge.conf ] will help.

That's interesting. Checking the man page, I see an entry for that, but there are a couple of issues I see.

First there doesn't seem to be much difference between -net and -netdev


-netdev bridge,id=id               [,br=bridge][,helper=helper]
-net    bridge[,vlan=n][,name=name][,br=bridge][,helper=helper]

(my formatting)

I'm not sure what id and name are supposed to be. I suspect the vlan is only necessary if you have multiple instances that you want to keep on separate lan instances.

The man page says

"The default network helper executable is /path/to/qemu-bridge-helper"

That's not helpful.  I searched the source to find

include/net/net.h:#define DEFAULT_BRIDGE_HELPER CONFIG_QEMU_HELPERDIR "/qemu-bridge-helper"

but I couldn't find where CONFIG_QEMU_HELPERDIR is defined. It might be nice to not have to explicitly define the helper. Perhaps it looks at the PATH variable, but I don't know.

Ah, found it. In configure, echo "qemu_helperdir=$libexecdir" >> $config_host_mak, so it would be for us /usr/libexec/qemu-bridge-helper.

I'm not sure what the qemu-bridge-helper script does. Is it just the same as qemu-ifup? It's not clear.

  -- Bruce

--
http://lists.linuxfromscratch.org/listinfo/blfs-dev
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
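
Added example (not part of the original thread and not QEMU's code): a shell model of an allow/deny check over the /etc/qemu/bridge.conf file mentioned above, useful for auditing which bridges an unprivileged user could attach to. The rule syntax ("allow", "deny", "include", "all"), the deny-wins and default-deny behaviour, the function names and the sample files are assumptions made for this example.

```shell
#!/bin/sh
# Added example: model of a bridge ACL decision (not QEMU's code).
# Assumed rule syntax, one rule per line:
#   allow <bridge> | deny <bridge> | allow all | deny all | include <file>
# Lines starting with '#' and blank lines are ignored.

# $1 = ACL file, $2 = bridge, $3 = include depth (internal).
# Sets ACL_ALLOWED / ACL_DENIED; returns 1 on unreadable or malformed input.
acl_scan() {
    [ "${3:-0}" -lt 8 ] || return 1          # include loop: fail closed
    [ -r "$1" ] || return 1
    while read -r verb arg _ || [ -n "$verb" ]; do
        case "$verb" in
            ''|'#'*) continue ;;
            allow)   if [ "$arg" = all ] || [ "$arg" = "$2" ]; then ACL_ALLOWED=1; fi ;;
            deny)    if [ "$arg" = all ] || [ "$arg" = "$2" ]; then ACL_DENIED=1; fi ;;
            include) acl_scan "$arg" "$2" $(( ${3:-0} + 1 )) || return 1 ;;
            *)       return 1 ;;             # unknown keyword: fail closed
        esac
    done < "$1"
}

# $1 = ACL file, $2 = bridge.
# Returns 0 if permitted, 1 if denied, 2 if the ACL could not be evaluated.
bridge_allowed() {
    ACL_ALLOWED=0
    ACL_DENIED=0
    acl_scan "$1" "$2" || return 2
    # Default is deny; a matching deny overrides any matching allow.
    [ "$ACL_ALLOWED" -eq 1 ] && [ "$ACL_DENIED" -eq 0 ]
}

# Constructed sample ACL files, written to a temporary directory.
demo_dir=$(mktemp -d)
printf 'allow br0\ninclude %s/extra.conf\n' "$demo_dir" > "$demo_dir/bridge.conf"
printf '# lab bridges\nallow br1\ndeny br1\n' > "$demo_dir/extra.conf"

for br in br0 br1 br2; do
    if bridge_allowed "$demo_dir/bridge.conf" "$br"; then
        echo "$br: allowed"
    else
        echo "$br: denied"
    fi
done
```
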
