Fix included in qemu-kvm-1.5.3-17.el7

Hi, Paolo

I checked with qemu-kvm-1.5.3-21.el7.x86_64 , that the qemu-bridge-helper's permission is 4755:
# stat /usr/libexec/qemu-bridge-helper 
  File: ‘/usr/libexec/qemu-bridge-helper’
  Size: 15336     	Blocks: 32         IO Block: 4096   regular file
Device: fd00h/64768d	Inode: 1403635     Links: 1
Access: (4755/-rwsr-xr-x)  Uid: (    0/    root)   Gid: (    0/    root)
Context: system_u:object_r:virt_bridgehelper_exec_t:s0
Access: 2013-12-17 03:43:49.840111230 +0800
Modify: 2013-12-03 13:40:16.000000000 +0800
Change: 2013-12-13 15:25:37.942931532 +0800
 Birth: -


But I found the permission of build before qemu-kvm-1.5.3-17.el7 (I used qemu-kvm-1.5.1-2.el7.x86_64) is 4755 too, so I am not sure if this bug is verified by this way.

(In reply to Paolo Bonzini from comment #0)
> /usr/libexec/qemu-bridge-helper needs capabilities to set up a bridge.
>
Test with both qemu-kvm build, since the permission is 4755 for both, I can boot guest using the tap that set up by the bridge-helper via unprivilege user:

Steps:
1.Check the existing bridge:
$ brctl show
bridge name	bridge id		STP enabled	interfaces
switch		0080.24be0518809b	no		em1

2.Confirm the qemu-bridge-helper acl that permit the switch :
$ cat /etc/qemu-kvm/bridge.conf 
allow virbr0
allow switch

3.Launch qemu with network by this helper
$ /usr/libexec/qemu-kvm -net bridge,br=switch -monitor stdio

qemu) info network
hub 0
 \ bridge.0: index=0,type=tap,helper=/usr/libexec/qemu-bridge-helper,br=switch

4.Check the interfaces 
$ brctl show
bridge name	bridge id		STP enabled	interfaces
switch		0080.24be0518809b	no		em1
							tap0

Paolo, can we verify this bug according to above ?

thanks,
qiguo

Yes, thanks!

According to comment #4 and comment #5 , this bug can be verified by qemu-kvm-1.5.3-21.el7.x86_64 .

This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.