[Pkg-libvirt-commits] [libvirt] 02/04: libvirt-daemon: Expect qemu-bridge-helper in /usr/libexec/
Guido Guenther
agx at moszumanska.debian.org
Fri Mar 25 14:42:24 UTC 2016
This is an automated email from the git hooks/post-receive script.
agx pushed a commit to annotated tag debian/1.2.9-9+deb8u2
in repository libvirt.
commit e69dd7371c29ac76485ff7941d388c22be7b9962
Author: Philipp Hahn <pmhahn at pmhahn.de>
Date: Fri Mar 25 11:10:31 2016 +0100
libvirt-daemon: Expect qemu-bridge-helper in /usr/libexec/
like we fixed #790935 in sid.
Closes: #816602
---
debian/README.Debian | 12 +++++++
.../debian/Debianize-bridge-helper-path.patch | 42 ++++++++++++++++++++++
debian/patches/series | 1 +
3 files changed, 55 insertions(+)
diff --git a/debian/README.Debian b/debian/README.Debian
index 0fa9358..0637b68 100644
--- a/debian/README.Debian
+++ b/debian/README.Debian
@@ -51,6 +51,18 @@ EOF
This makes dnsmasq only bind to the loopback interface by default so libvirtd
can handle the virtual bridges.
+Bridged network
+===============
+libvirt can use the qemu-bridge-helper to create bridged network interfaces for
+session domains. For this to work the helper must have the capability to create
+TUN/TAP devices or must have the SUID permission set.
+This can be done by running the following command as the user root:
+
+ setcap cap_net_admin+ep /usr/lib/qemu/qemu-bridge-helper
+
+The allowed bridges must be configured in the file '/etc/qemu/bridge.conf'. For
+each bridge add a line like 'allow br0'.
+
Access Control
==============
Access to the libvirt managing tasks is controlled by PolicyKit. To ease
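Review bot: The new "Bridged network" section names SUID as an alternative but shows only the setcap command, and it does not say how long the setting lasts. The helper is shipped by qemu-system-common (see the dpkg -S output in the patch header further down), so a capability set by hand on /usr/lib/qemu/qemu-bridge-helper has to be re-applied whenever that package replaces the file. A sentence saying so would help. It is also worth stating that, once the helper carries cap_net_admin+ep, the 'allow' lines in /etc/qemu/bridge.conf are what limit which bridges unprivileged users can attach to, so only bridges meant for session domains should be listed there.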
diff --git a/debian/patches/debian/Debianize-bridge-helper-path.patch b/debian/patches/debian/Debianize-bridge-helper-path.patch
new file mode 100644
index 0000000..689741e
--- /dev/null
+++ b/debian/patches/debian/Debianize-bridge-helper-path.patch
@@ -0,0 +1,42 @@
+libvirt-daemon: Expects qemu-bridge-helper in /usr/libexec/
+
+$ strings /usr/lib/libvirt/connection-driver/libvirt_driver_qemu.so | grep bridge-helper
+/usr/libexec/qemu-bridge-helper
+
+$ dpkg -S bridge-helper
+qemu-system-common: /usr/lib/qemu/qemu-bridge-helper
+
+Closes #816602
+--- a/src/qemu/qemu.conf
++++ b/src/qemu/qemu.conf
+@@ -357,7 +357,7 @@
+ # is used to create <source type='bridge'> interfaces when libvirtd is
+ # running unprivileged. libvirt invokes the helper directly, instead
+ # of using "-netdev bridge", for security reasons.
+-#bridge_helper = "/usr/libexec/qemu-bridge-helper"
++#bridge_helper = "/usr/lib/qemu/qemu-bridge-helper"
+
+
+
+--- a/src/qemu/qemu_conf.c
++++ b/src/qemu/qemu_conf.c
+@@ -244,7 +244,7 @@ virQEMUDriverConfigPtr virQEMUDriverConf
+ goto error;
+ }
+
+- if (VIR_STRDUP(cfg->bridgeHelperName, "/usr/libexec/qemu-bridge-helper") < 0)
++ if (VIR_STRDUP(cfg->bridgeHelperName, "/usr/lib/qemu/qemu-bridge-helper") < 0)
+ goto error;
+
+ cfg->clearEmulatorCapabilities = true;
+--- a/src/qemu/test_libvirtd_qemu.aug.in
++++ b/src/qemu/test_libvirtd_qemu.aug.in
+@@ -56,7 +56,7 @@ module Test_libvirtd_qemu =
+ { "auto_dump_bypass_cache" = "0" }
+ { "auto_start_bypass_cache" = "0" }
+ { "hugetlbfs_mount" = "/dev/hugepages" }
+-{ "bridge_helper" = "/usr/libexec/qemu-bridge-helper" }
++{ "bridge_helper" = "/usr/lib/qemu/qemu-bridge-helper" }
+ { "clear_emulator_capabilities" = "1" }
+ { "set_process_name" = "1" }
+ { "max_processes" = "0" }
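Review bot: The header of Debianize-bridge-helper-path.patch describes the state before the change ("Expects qemu-bridge-helper in /usr/libexec/") and then only quotes the strings and dpkg -S output, so a reader of the series cannot tell what the patch does or whether it is Debian-specific. Suggest a subject that states the new default (/usr/lib/qemu/qemu-bridge-helper), an author line, and DEP-3 style fields such as "Forwarded: not-needed" and a Bug-Debian reference in place of the bare "Closes #816602". The same literal path is changed in three places (the qemu.conf comment, the VIR_STRDUP default in qemu_conf.c, and test_libvirtd_qemu.aug.in), and they must stay in step on every refresh of this patch. A note in the header listing the three spots would make that easier to check.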
diff --git a/debian/patches/series b/debian/patches/series
index 69667f6..7651164 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -32,3 +32,4 @@ Allow-access-to-libnl-3-config-files.patch
Fix-crash-on-live-migration.patch
upstream/Report-original-error-when-QMP-probing-fails-with-ne.patch
security/CVE-2015-5313-storage-don-t-allow-in-filesystem-volu.patch
+debian/Debianize-bridge-helper-path.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-libvirt/libvirt.git