Description of problem: See: https://lists.fedoraproject.org/pipermail/virt/2014-September/004179.html and followups. qemu has a setuid program called 'qemu-bridge-helper' which apparently we can use to connect to virbr0 and get real networking instead of using SLIRP. This would only apply to the libvirt backend.
On a system that is already doing this for boxes, all that would be required would be to use the following interface definition: <interface type='bridge'> <source bridge='virbr0'/> ... </interface> the bridge helper looks in /etc/qemu/bridge.conf to see which bridges it can use, and which users can request taps connected to those bridges. On Fedora at least, by default this file contains: allow virbr0 which means that any uid can request a new tap device connected to virbr0. Apparently, this particular bridge.conf file is installed as part of the qemu-common package.
That change would be quite simple to make in libguestfs .. but using virbr0 would require dhcp I think? Unfortunately the guestfs appliance would really like a fixed IP address assigned in advance. I guess we might be able to run dhclient, assuming there is not too much speed penalty.
These two patches implement the general idea: https://www.redhat.com/archives/libguestfs/2014-September/msg00293.html https://www.redhat.com/archives/libguestfs/2014-September/msg00294.html
v2 patch: https://www.redhat.com/archives/libguestfs/2014-October/msg00007.html
Patches upstream, but blocked by bug 1146320 on Rawhide.