On Sun, Nov 23, 2014 at 08:23:21PM -0500, David Miller wrote: > From: "Michael S. Tsirkin" <m...@redhat.com> > Date: Sun, 23 Nov 2014 22:30:32 +0200 > > > qemu runs in the host, but it's unpriveledged: it gets > > passed tun FDs by a priveledged daemon, and it only > > has the rights to some operations, > > in particular to attach and detach queues. > > > > The assumption always was that this operation is safe > > and can't make kernel run out of resources. > > This creates a rather rediculous situation in my opinion. > > Configuring a network device is a privileged operation, the daemon > should be setting this thing up. > > In no other context would we have to worry about something like this.
Right. Jason corrected me. I got it wrong: what qemu does is TUNSETQUEUE and that needs to get a queue that's already initialized by the daemon. To create new queues daemon calls TUNSETIFF, and that already can be used to create new devices, so it's a priveledged operation. This means it's safe to just drop the restriction, exactly as you suggested originally. -- MST -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/