On 2014/02/03 17:39, Jiri B wrote:
> I'm not native English speaker so I'm not sure I do
> understand meaning correctly or if the wording is
> OK...
>
> NOTE: sudo calls closefrom(2). In order to have more than one
> fd passed tap interface, a line to sudoers akin to:
>
> Defaults closefrom_override
>
> then calling sudo via 'sudo -C 5 -u $USER qemu-system-i386 ..'
> is required. See sudoers(5) and sudo(8) for details.
>
> "...more than one fd passed tap interface,...". Is this correct?
> What does it want to say exactly?
Maybe "fd-passed tap interface" would be clearer. Basically it's talking about a
tap interface which has been passed via a file descriptor. If you want more than
one of those, you need to override sudo's default, which is to close FDs higher
than 3.
-C fd Normally, sudo will close all open file descriptors other
than standard input, standard output and standard error. The
-C (close from) option allows the user to specify a starting
point above the standard error (file descriptor three).
Values less than three are not permitted. This option is
only available when the administrator has enabled the
closefrom_override option in sudoers(5).
> I made my qemu VM work with multiple ifaces with following
> command, each VM's iface has its own tun(4) device on the
> OpenBSD host.
>
> $ sudo sh -c "sudo -C 5 -u jirib qemu-system-x86_64 -net
> nic,model=virtio,vlan=0 \
> -net tap,vlan=0,fd=3 -net nic,vlan=1,model=virtio -net tap,vlan=1,fd=4 \
> -no-fd-bootchk -drive file=~/tmp/qemu/virtual.img,if=virtio,format=qcow2 \
> -drive file=~/downloads/install55.iso,if=scsi,media=cdrom \
> -boot order=cd,once=d 3<>/dev/tun0 4<>/dev/tun1"
>
> Am I doing multi-nic qemu VM correctly?
>
> jirib
>
looks right. does it work?
