This patch adds support for adding a static route for
a network. The "gateway" sub-element specifies
the gateway's IP address. Both IPv4 and IPv6
static routes are supported although it is
expected that this functionality will have
more use with IPv6.
This updates add the element to define a
st
This update includes two patch files:
1. The first file adds virSocketAddrGetIpPrefix() to
determine the prefix for a network. This function
is used by the static route code and has also been
used to update (replace the code in)
virNetworkIpDefPrefix() in src/conf/network_conf.c
2. The second an
Create the utility function virSocketAddrGetIpPrefix() to
determine the prefix for this network. The code in this
function was adapted from virNetworkIpDefPrefix().
Update virNetworkIpDefPrefix() in src/conf/network_conf.c
to use the new utility function.
.
Signed-off-by: Gene Czarcinski
---
sr
uses a helper application to do the necessary
TUN/TAP setup to use an existing network bridge, thus letting
unprivileged users use TUN/TAP interfaces.
However, libvirt should be preventing QEMU from running any setuid
programs at all, which would include this helper program. From
a security POV,
This will be used on a tap file descriptor returned by the bridge helper
to populate the element, because the helper does not provide
the interface name.
Signed-off-by: Paolo Bonzini
---
src/libvirt_private.syms | 1 +
src/util/virnetdevtap.c | 33 +
src/util/v
The is working mostly because of a peculiar
design decision in Linux. Ideally, QEMU would run with an empty
capability bounding set and would not be able to do any privileged
operation (not even by running a helper program). This is not the case
because dropping capabilities from the bounding se