Avi Kivity wrote:
On 11/07/2009 11:14 AM, Avi Kivity wrote:
I'd welcome -net bridge as one of them. But we shouldn't try to
invent access control systems or install suid helpers.
We can make the helper a script that does
exec sudo /the/real/helper "$@"
so a user can add it to /etc/sudoers and get pre-authenticated
configuration.
The key point of the helper here is that you pass an fd to a socketpair
and you then receive an fd over that socket. What the helper does is
really less important. Whether it's a script like you suggest or
something like I proposed doesn't matter from a qemu perspective.
Whether the qemu-bridge-helper should live in qemu or somewhere else is
a valid thing to discuss. In my next posting, I'll have things
restructured to separate out the two so that they two series can be
considered independently.
Regards,
Anthony Liguori
