[gnome-boxes/flatpak-net-bridge] flatpak, util: Spawn qemu-bridge-helper outside the sandbox
- From: Felipe Borges <felipeborges src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gnome-boxes/flatpak-net-bridge] flatpak, util: Spawn qemu-bridge-helper outside the sandbox
- Date: Thu, 29 Sep 2022 08:43:32 +0000 (UTC)
commit d6c5428c262098957cb29526591719eae7d3dc37
Author: Felipe Borges <felipeborges gnome org>
Date: Thu Sep 29 10:39:32 2022 +0200
flatpak, util: Spawn qemu-bridge-helper outside the sandbox
This will work if the host system has https://gitlab.gnome.org/felipeborges/boxes-bridge-helper
made available with a suid bit in /usr/libexec/qemu-bridge-helper
In the final version of this work we should use DBus to communicate
between libvirt (inside the sandbox) and bridge-helper running in the
host. The bridge-helper running in the host should use polkit for
opening the device, so we don't need the suid bit.
See #232
...-flatpak-spawn-for-qemu-bridge-helper-bin.patch | 34 ++++++++++++++++++++++
build-aux/flatpak/org.gnome.BoxesDevel.json | 6 ++++
src/util-app.vala | 6 ++++
3 files changed, 46 insertions(+)
---
diff --git a/build-aux/flatpak/libvirt-use-flatpak-spawn-for-qemu-bridge-helper-bin.patch
b/build-aux/flatpak/libvirt-use-flatpak-spawn-for-qemu-bridge-helper-bin.patch
new file mode 100644
index 00000000..ebe161b8
--- /dev/null
+++ b/build-aux/flatpak/libvirt-use-flatpak-spawn-for-qemu-bridge-helper-bin.patch
@@ -0,0 +1,34 @@
+From f8018ad06198f6515ac07374cc00010205af1662 Mon Sep 17 00:00:00 2001
+From: Felipe Borges <felipeborges gnome org>
+Date: Tue, 20 Sep 2022 13:59:25 +0200
+Subject: [PATCH] Use flatpak-spawn for qemu-bridge-helper
+
+---
+ src/qemu/qemu_interface.c | 11 ++++-------
+ 1 file changed, 4 insertions(+), 7 deletions(-)
+
+diff --git a/src/qemu/qemu_interface.c b/src/qemu/qemu_interface.c
+index 4cc76e07a5..64f1b14656 100644
+--- a/src/qemu/qemu_interface.c
++++ b/src/qemu/qemu_interface.c
+@@ -335,13 +335,10 @@ qemuCreateInBridgePortWithHelper(virQEMUDriverConfig *cfg,
+ return -1;
+ }
+
+- if (!virFileIsExecutable(cfg->bridgeHelperName)) {
+- virReportSystemError(errno, _("'%s' is not a suitable bridge helper"),
+- cfg->bridgeHelperName);
+- return -1;
+- }
+-
+- cmd = virCommandNew(cfg->bridgeHelperName);
++ cmd = virCommandNew("/usr/bin/flatpak-spawn");
++ virCommandAddArgFormat(cmd, "--host");
++ virCommandAddArgFormat(cmd, "--forward-fd=%d", pair[1]);
++ virCommandAddArgFormat(cmd, cfg->bridgeHelperName);
+ if (flags & VIR_NETDEV_TAP_CREATE_VNET_HDR)
+ virCommandAddArgFormat(cmd, "--use-vnet");
+ virCommandAddArgFormat(cmd, "--br=%s", brname);
+--
+2.37.3
+
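Review bot: In the added libvirt patch, `virCommandAddArgFormat(cmd, cfg->bridgeHelperName);` passes a configured path as the printf-style format string, so any `%` in the bridge helper name is interpreted as a conversion; the non-format variant is the right call here, `virCommandAddArg(cmd, cfg->bridgeHelperName);`, and for the literal `virCommandAddArg(cmd, "--host");` reads better too. Dropping the `virFileIsExecutable` check also means a missing or non-executable helper on the host is now only reported by flatpak-spawn at spawn time rather than with libvirt's own "not a suitable bridge helper" error, which is presumably intentional since the path is checked inside the sandbox but executed on the host; a one-line comment above the `virCommandNew("/usr/bin/flatpak-spawn")` line stating that the helper path is resolved and run on the host, outside the sandbox, would make that trust boundary explicit for the next reader. The enclosing function qemuCreateInBridgePortWithHelper starts and ends outside this hunk.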
diff --git a/build-aux/flatpak/org.gnome.BoxesDevel.json b/build-aux/flatpak/org.gnome.BoxesDevel.json
index 98997c9e..47220305 100644
--- a/build-aux/flatpak/org.gnome.BoxesDevel.json
+++ b/build-aux/flatpak/org.gnome.BoxesDevel.json
@@ -19,8 +19,10 @@
"--talk-name=org.freedesktop.secrets",
"--filesystem=xdg-run/dconf",
"--filesystem=~/.config/dconf:ro",
+ "--filesystem=/usr/libexec/",
"--filesystem=home",
"--talk-name=ca.desrt.dconf",
+ "--talk-name=org.freedesktop.Flatpak",
"--env=DCONF_USER_CONFIG_DIR=.config/dconf",
"--add-policy=Tracker3.dbus:org.freedesktop.Tracker3.Miner.Files=tracker:Software"
],
@@ -153,6 +155,10 @@
{
"type": "patch",
"path": "libvirt-use-monitor-in-xdg-runtime-dir.patch"
+ },
+ {
+ "type": "patch",
+ "path": "libvirt-use-flatpak-spawn-for-qemu-bridge-helper-bin.patch"
}
]
}
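Review bot: The new `"--talk-name=org.freedesktop.Flatpak"` line is the permission that lets the bundled libvirt call `flatpak-spawn --host`, and that interface allows the sandboxed process tree to run arbitrary commands on the host, so it amounts to a sandbox escape for anything running inside Boxes, including the bundled libvirt and qemu. The commit message describes this as an interim step toward a DBus/polkit host helper, but nothing in the manifest records that, so a reader of the manifest alone cannot tell the grant is temporary; if the manifest parser accepts comments, a short `/* temporary: needed for flatpak-spawn --host in libvirt-use-flatpak-spawn-for-qemu-bridge-helper-bin.patch, to be replaced by a DBus helper (see #232) */` next to it would help, otherwise the build-aux README is the place. The added `"--filesystem=/usr/libexec/"` looks unnecessary now that the helper is executed on the host rather than inside the sandbox, and flatpak may not honour filesystem overrides under the runtime-reserved `/usr` tree at all, so it is worth confirming that this line has any effect before keeping it.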
diff --git a/src/util-app.vala b/src/util-app.vala
index 06cc38b5..a1cbdd58 100644
--- a/src/util-app.vala
+++ b/src/util-app.vala
@@ -313,6 +313,12 @@ public GVir.StorageVol? get_storage_volume (GVir.Connection connection, GVir.Dom
private static bool libvirt_bridge_net_available = false;
public bool is_libvirt_bridge_net_available () {
+ /* FIXME: in the containerized scenario, Boxes shouldn't be the one
+ * parsing the ACL file, this should happen on the host side.
+ */
+ if (App.is_running_in_flatpak ())
+ return true;
+
if (libvirt_bridge_net_checked)
return libvirt_bridge_net_available;