Did this ever get fixed? The upstream patch with the helper was posted
to the mailing list in November 2009 and in the same thread it is
mentioned that the Ubuntu packaging would enable this by the time
Lucid/qemu-0.12-rc1 was released.
I assume the fix (as described in comment #14) is /etc/qemu-ifup ?
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to qemu-kvm in Ubuntu.
https://bugs.launchpad.net/bugs/103010
Title:
qemu no tun/tap networking
To manage notifications
Did this ever get fixed? The upstream patch with the helper was posted
to the mailing list in November 2009 and in the same thread it is
mentioned that the Ubuntu packaging would enable this by the time
Lucid/qemu-0.12-rc1 was released.
I assume the fix (as described in comment #14) is /etc/qemu-ifup ?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/103010
Title:
qemu no tun/tap networking
To manage notifications about this bug go
The Debian bug appears to have been marked Fix Released because the
actual qemu package was removed from Debian and replaced with qemu-kvm.
Maybe another bug needs to be opened for that package.
--
qemu no tun/tap networking
https://bugs.launchpad.net/bugs/103010
You received this bug
The Debian bug appears to have been marked Fix Released because the
actual qemu package was removed from Debian and replaced with qemu-kvm.
Maybe another bug needs to be opened for that package.
--
qemu no tun/tap networking
https://bugs.launchpad.net/bugs/103010
You received this bug
I've gone through this bug report as well as the relevant Debian Bug
report and I don't think it's fixed.
--
qemu no tun/tap networking
https://bugs.launchpad.net/bugs/103010
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to qemu-kvm in
I've gone through this bug report as well as the relevant Debian Bug
report and I don't think it's fixed.
--
qemu no tun/tap networking
https://bugs.launchpad.net/bugs/103010
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
** Changed in: qemu-kvm (Debian)
Status: Unknown = Fix Released
--
qemu no tun/tap networking
https://bugs.launchpad.net/bugs/103010
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to qemu-kvm in ubuntu.
--
Ubuntu-server-bugs
** Changed in: qemu-kvm (Debian)
Status: Unknown = Fix Released
--
qemu no tun/tap networking
https://bugs.launchpad.net/bugs/103010
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
** Bug watch added: Debian Bug tracker #412941
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=412941
** Also affects: qemu-kvm (Debian) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=412941
Importance: Unknown
Status: Unknown
--
qemu no tun/tap networking
** Bug watch added: Debian Bug tracker #412941
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=412941
** Also affects: qemu-kvm (Debian) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=412941
Importance: Unknown
Status: Unknown
--
qemu no tun/tap networking
Kees: I know about the wiki page - I'm the one who edited it to note
this issue. It is not true that file capabilities only work in Lucid - I
am using Karmic and it works fine. libcap2-bin is also not a PAM
package. It is also not true that you need to manually add users to
It's very important to note that qemu-kvm is in Ubuntu main, and
VirtualBox is in universe. The quality control, and in particular the
security model you might expect are quite different between the two
packages in Ubuntu.
--
qemu no tun/tap networking
https://bugs.launchpad.net/bugs/103010
You
@Chris Yup, I understand how capabilities work. I'm actively working on
getting fscaps functioning with Debian/Ubuntu packaging (see
https://wiki.ubuntu.com/Security/FilesystemCapabilties). (You seemed to
miss me changing ep to ei in the wiki -- I've added the old
instructions back and clarified
http://wiki.qemu.org/Features/HelperNetworking
We plan on addressing this upstream by introducing a helper to create
the tap device. This helper would be owned by root, and would be
limited in what it did with the tap device (in terms of attaching it to
a bridge).
This allows a sysadmin to
Kees: I know about the wiki page - I'm the one who edited it to note
this issue. It is not true that file capabilities only work in Lucid - I
am using Karmic and it works fine. libcap2-bin is also not a PAM
package. It is also not true that you need to manually add users to
It's very important to note that qemu-kvm is in Ubuntu main, and
VirtualBox is in universe. The quality control, and in particular the
security model you might expect are quite different between the two
packages in Ubuntu.
--
qemu no tun/tap networking
https://bugs.launchpad.net/bugs/103010
You
@Chris Yup, I understand how capabilities work. I'm actively working on
getting fscaps functioning with Debian/Ubuntu packaging (see
https://wiki.ubuntu.com/Security/FilesystemCapabilties). (You seemed to
miss me changing ep to ei in the wiki -- I've added the old
instructions back and clarified
http://wiki.qemu.org/Features/HelperNetworking
We plan on addressing this upstream by introducing a helper to create
the tap device. This helper would be owned by root, and would be
limited in what it did with the tap device (in terms of attaching it to
a bridge).
This allows a sysadmin to
I'm sorry, this is not something that we can solve in the qemu-kvm
package that is in Ubuntu Main.
Why not? The standard Ubuntu kernel supports capabilities
(CONFIG_SECURITY_FILE_CAPABILITIES). It is obviously not desirable to
have qemu networking broken by default, or to tell users that they
Marc/Kees/Jamie-
Would you care to answer the questions above? I've been telling people
no for 4 Ubuntu releases that we will not enable tun/tap networking in
qemu-kvm.
** Changed in: qemu-kvm (Ubuntu)
Assignee: (unassigned) = Ubuntu Security Team (ubuntu-security)
--
qemu no tun/tap
Please see https://help.ubuntu.com/community/KVM/Networking for a
discussion of the issue. (Basically, it is unsafe to ship it this way
as it gives any local user the ability to disrupt networking.)
** Changed in: qemu-kvm (Ubuntu)
Assignee: Ubuntu Security Team (ubuntu-security) =
I'm sorry, this is not something that we can solve in the qemu-kvm
package that is in Ubuntu Main.
Why not? The standard Ubuntu kernel supports capabilities
(CONFIG_SECURITY_FILE_CAPABILITIES). It is obviously not desirable to
have qemu networking broken by default, or to tell users that they
Marc/Kees/Jamie-
Would you care to answer the questions above? I've been telling people
no for 4 Ubuntu releases that we will not enable tun/tap networking in
qemu-kvm.
** Changed in: qemu-kvm (Ubuntu)
Assignee: (unassigned) = Ubuntu Security Team (ubuntu-security)
--
qemu no tun/tap
Please see https://help.ubuntu.com/community/KVM/Networking for a
discussion of the issue. (Basically, it is unsafe to ship it this way
as it gives any local user the ability to disrupt networking.)
** Changed in: qemu-kvm (Ubuntu)
Assignee: Ubuntu Security Team (ubuntu-security) =
** Also affects: qemu-kvm (Ubuntu)
Importance: Undecided
Status: New
--
qemu no tun/tap networking
https://bugs.launchpad.net/bugs/103010
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to qemu-kvm in ubuntu.
--
I'm sorry, this is not something that we can solve in the qemu-kvm
package that is in Ubuntu Main.
You could, I suppose, submit a patch that adds another binary package
under the qemu-kvm source package that we put in Universe.
I'm subscribing the Ubuntu Security team too.
** Changed in: qemu
Chris-
Thanks for your suggestion. I haven't tested it, yet. I've subscribed
the Ubuntu Security Team. I'm curious for their opinion on this.
--
qemu no tun/tap networking
https://bugs.launchpad.net/bugs/103010
You received this bug notification because you are a member of Ubuntu
Server
** Also affects: qemu-kvm (Ubuntu)
Importance: Undecided
Status: New
--
qemu no tun/tap networking
https://bugs.launchpad.net/bugs/103010
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
I'm sorry, this is not something that we can solve in the qemu-kvm
package that is in Ubuntu Main.
You could, I suppose, submit a patch that adds another binary package
under the qemu-kvm source package that we put in Universe.
I'm subscribing the Ubuntu Security team too.
** Changed in: qemu
Chris-
Thanks for your suggestion. I haven't tested it, yet. I've subscribed
the Ubuntu Security Team. I'm curious for their opinion on this.
--
qemu no tun/tap networking
https://bugs.launchpad.net/bugs/103010
You received this bug notification because you are a member of Ubuntu
Bugs, which
It is a bit poor to have qemu networking broken by default. I suggest
the following in postinst:
setcap cap_net_admin=ep /usr/bin/qemu-system-*
For more information on QEMU and Linux capabilities see
http://www.friedhoff.org/posixfilecaps.html
--
qemu no tun/tap networking
** Changed in: qemu (Ubuntu)
Status: Won't Fix = Confirmed
--
qemu no tun/tap networking
https://bugs.launchpad.net/bugs/103010
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
Thanks for the report. This is a security issue. The kernel requires
more privileges than a qemu userspace app has to enable tun/tap
networking.
:-Dustin
** Changed in: qemu (Ubuntu)
Status: New = Won't Fix
--
qemu no tun/tap networking
https://bugs.launchpad.net/bugs/103010
You
This bug is still existing in Interpid. What information exactly is
needed, so I could provide it?
** Changed in: qemu (Ubuntu)
Status: Invalid = New
--
qemu no tun/tap networking
https://bugs.launchpad.net/bugs/103010
You received this bug notification because you are a member of Ubuntu
We are closing this bug report because it lacks the information we need
to investigate the problem, as described in the previous comments.
Please reopen it if you can give us the missing information, and don't
hesitate to submit bug reports in the future. To reopen the bug report
you can click on
Is this symptom still reproducible in 8.10 beta?
** Changed in: qemu (Ubuntu)
Status: New = Incomplete
--
qemu no tun/tap networking
https://bugs.launchpad.net/bugs/103010
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
38 matches
Mail list logo
