FS#32565 - [qemu-kvm] qemu-bridge-helper issues

Attached to Project: Arch Linux
Opened by Ray (ataraxia) - Friday, 09 November 2012, 15:35 GMT
Last edited by Tobias Powalowski (tpowa) - Thursday, 31 January 2013, 21:10 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To Tobias Powalowski (tpowa)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 2
Private No

Details

Description:
There are two problems with the packaging of the qemu-bridge-helper binary:

1) It is installed in /usr/lib/qemu/, but qemu still expects to find it in /usr/libexec/. I suspect that's caused by only passing libexecdir=/usr/lib/qemu to "make install", but not to "make" on "configure". This software cares about the definition of libexecdir during the build as well as the installation.

2) Based on reading the source, this binary expects to be installed either setuid, or with "setcap cap_net_admin+ep". This allows VMs using "-net tap" or "-net bridge" to be started as non-root. (This binary also reads ACLs from /etc/qemu/bridge.conf to prevent users abusing the access thus gained. Unfortunately, both the binary and the config file are quite poorly documented.)

I suspect the "qemu" package is has the same problems, though as I don't use it, I haven't done any testing on that one.

Additional info:
* package version(s)
qemu-kvm 1.2.0-1


Steps to reproduce:
This task depends upon

Closed by  Tobias Powalowski (tpowa)
Thursday, 31 January 2013, 21:10 GMT
Reason for closing:  Fixed
Additional comments about closing:  1.3.1-1
Comment by Tobias Powalowski (tpowa) - Thursday, 20 December 2012, 08:30 GMT
Should work now with 1.3.0-1
Comment by Lone_Wolf (Lone_Wolf) - Friday, 21 December 2012, 16:33 GMT
I've got the same problem, and while it's good to know tobias has solved it,
version 1.3.0-1 is not found in repos or git yet.
Where can we get it ?
Comment by Dave Reisner (falconindy) - Friday, 21 December 2012, 16:49 GMT
It's in [testing], of course, because there's been significant changes to the package.
Comment by Lone_Wolf (Lone_Wolf) - Friday, 21 December 2012, 17:01 GMT
I had expected it to be there, but then the www.archlinux.org/packages needs updating .

it currently lists 48 packages in testing, but qemu-kvm is not one of them.
Qemu 1.3.0-1 however IS in testing, but i use qemu-kvm, not qemu .
This bug report also is for qemu-kvm , no idea if qemu has the same bug.
Comment by Dave Reisner (falconindy) - Friday, 21 December 2012, 17:20 GMT
Qemu-kvm is dead. Qemu 1.3 merged all missing functionality. The qemu package in testing has the fix for this bug and will replace qemu-kvm

Sorry that wasn't clear.
Comment by Lone_Wolf (Lone_Wolf) - Friday, 21 December 2012, 20:31 GMT
switched to testing and installed qemu 1.3.0-1 .

still error messages with bridging though :
$ qemu-system-x86_64 \
-cpu host \
-boot order=d \
-drive file=~/Virtual_Machines/arch-test/arch-test,if=virtio \
-cdrom ~/Documents/Images/archlinux-2012.12.01-dual.iso \
-net bridge,br=br0 -net nic,model=virtio \
-vga vmware \
-m 2048

failed to parse default acl file `/etc/qemu/bridge.conf'
failed to launch bridge helper
qemu-system-x86_64: -net bridge,br=br0: Device 'bridge' could not be initialized

http://wiki.qemu.org/Features/HelperNetworking gives a bit of info about this file and it's contents.
Maybe a minimal bridge.conf as described there can be added ?
Comment by Tobias Powalowski (tpowa) - Thursday, 31 January 2013, 16:47 GMT
I add a sample file, else you get tons of .pacnew files.

Loading...