Re: reaching the guest from the host through network



Hi Laine,

On Fri, Feb 8, 2013 at 9:45 PM, Laine Stump <laine redhat com> wrote:
> On 02/08/2013 01:26 PM, Lucas Meneghel Rodrigues wrote:
>> On 02/08/2013 03:43 PM, Zeeshan Ali (Khattak) wrote:
>>> On Fri, Feb 8, 2013 at 7:29 PM, Lucas Meneghel Rodrigues
>>> <lmr redhat com> wrote:
>>>> On 02/08/2013 12:36 PM, Emmanuel Touzery wrote:
>>>>>
>>>>> looking at this:
>>>>> https://bugzilla.gnome.org/show_bug.cgi?id=677688
>>>>>
>>>>> it seems that at least for now my best bet would be using virt-manager
>>>>> which is more powerful than gnome-boxes. I'll try that now.
>>>>
>>>>
>>>> Bridging requires root access, something that boxes can't provide you
>>>> right now, since it can only access the unprivileged qemu session.
>
> Well, to be exact, qemu is *always* unprivileged. It's libvirt that must
> be running privileged in order to do full network setup.
>
> Recent libvirt has an addition that causes an unprivileged libvirt given
> an <interface type='bridge'> configuration to tell the (also
> unprivileged) qemu it creates to use the new qemu "suid network helper"
> to create a tap device and connect it to an existing bridge. This is
> about 1/10th of the capabilities possible from a privileged libvirt, but
> it may be sufficient in some cases (in particular, if a bridge has
> already been set up on the host).
>
>
>>>> Since virt-manager can access the privileged qemu session, it also has
>>>> access to the libvirt bridge, and it will all work fine.
>
> With qemu's suid network helper, boxes could also have access to "the
> bridge created by libvirt".

Unfortunately this is disabled in the default config of upstream qemu so
we can't use this in Boxes :(

https://bugzilla.gnome.org/show_bug.cgi?id=677688#c24

>>>>
>>>> Note that using wifi and having a working bridge is perfectly possible,
>>>> a wifi interface is very much like an ethernet interface for bridging
>>>> purposes.
>>>
>>> That's what I thought too, but it seems the libvirt guys do not agree:
>>
>> I guess then I'm lucky, since I own 2 thinkpads where this works
>> perfectly well then :)
>
> I'm guessing that you don't have your wifi directly attached to the
> bridge, but are relying on some combination of IP routing and proxy arp?
> (Or possibly your wifi card and AP both allow multiple MAC addresses on
> the same connection).
>
> Unfortunately, something as hit and miss as this can't be put into
> libvirt. If someone comes up with a relatively non-intrusive 100%
> reliable on all platforms way to give guests "L2 bridged" access to the
> physical network, I would seriously love to make a new libvirt network
> type that supports it.

*all platforms* might make it a much bigger challenge than it already
is. If this support is added mainly for Boxes, I'd suggest not caring
about anything other than Linux as Boxes (like the rest of GNOME) is
targeted for Linux. Keep in mind, I'm not suggesting breaking things
for other platforms.

-- 
Regards,

Zeeshan Ali (Khattak)
FSF member#5124
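
The "suid network helper" discussed above is a setuid program, so which bridges it will attach tap devices to is decided by its ACL file. As an added example (not part of this thread and not qemu's own code), the sketch below evaluates such an ACL, assuming the allow/deny/include syntax and the default-deny, deny-wins rule of qemu's bridge helper; the ACL text and the include path are constructed.

```python
# Added example: evaluates constructed ACL text the way qemu's bridge helper
# is assumed to (default deny; any matching deny beats any allow).

SAMPLE_ACL = """\
# constructed sample, not taken from any real host
allow virbr0
allow br0
deny br0
include /etc/qemu/extra.conf
"""

def parse_acl(text):
    """Return (rules, includes); rules are (action, bridge) tuples."""
    rules, includes = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 2:
            raise ValueError(f"line {lineno}: expected '<keyword> <argument>'")
        keyword, arg = parts
        if keyword in ("allow", "deny"):
            rules.append((keyword, arg))
        elif keyword == "include":
            includes.append(arg)  # not followed here; audit it separately
        else:
            raise ValueError(f"line {lineno}: unknown keyword {keyword!r}")
    return rules, includes

def bridge_allowed(rules, bridge):
    """Default deny: need a matching allow and no matching deny."""
    def matches(target):
        return target in ("all", bridge)
    allowed = any(a == "allow" and matches(t) for a, t in rules)
    denied = any(a == "deny" and matches(t) for a, t in rules)
    return allowed and not denied

def audit(text, bridges):
    """Return ({bridge: verdict}, [include paths left unresolved])."""
    rules, includes = parse_acl(text)
    return {b: bridge_allowed(rules, b) for b in bridges}, includes

if __name__ == "__main__":
    verdicts, includes = audit(SAMPLE_ACL, ["virbr0", "br0", "br1"])
    for bridge, ok in verdicts.items():
        print(f"{bridge}: {'allowed' if ok else 'denied'}")
    for path in includes:
        print(f"unresolved include, audit separately: {path}")
```

An `allow all` line is the one to look for when auditing, since it lets any local user who can run the helper attach a tap to every bridge on the host.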

