16.12.2010 22:40, Yves-Alexis Perez wrote:
[]
>> There's no such thing as "internal script".  By default qemu - given
>> -net tap as above - _creates_ a network device, and runs the script
>> specified only _after_ the device is created.  Here, you don't have
>> permission to _create_ a network device to start with.
> 
> The various howtos found on the net seem to indicate the script is
> responsible for creating the device. See
> http://en.wikibooks.org/wiki/QEMU/Networking for example.

We can't be responsible for every error in every internet
publication out there.  The above wiki page is wrong in
that it's wrong to _create_ the tap device inside the
configuration script.

[]
>> The script runs against already created tap device - created either
>> by qemu itself, or pre-created (and given with ifname=NNN to qemu).
> 
> Ok so passing ifname=NNN should prevent the device to be created by kvm.

No.  qemu will create a device if it's not already exist,
be it a named or randomly-numbered one.

>> There's no point or ability to _create_ a tap device _inside_ the
>> script - because it has the same permissions anyway, and because
>> now there's no way to pass the tap device back to qemu.
> 
> I thought the name was given has an argument to the script, so qemu
> already knows it. And that means it's possible to gain root in the
> script using sudo.

Yes, the iface name is passed as first argument to the
script, because qemu has it created and open at the time
when the script is run.

>>> Using script=no fixes the problem but means one has to setup everything
>>> himself.
>>
>> Fixes which problem?  Qemu still need the tap device - either created
>> internally or pre-created.
> 
> I meant that when passing script=no, qemu didn't try to create the tap
> device itself, but that's wrong, it's when I used ifname=foo.

And you're wrong again.  Qemu needs a working tap device, - either
pre-created or created by qemu itself, no matter if you use ifname=foo
or script=foo or script=no.

/mjt



-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to