Control: tag -1 + confirmed upstream wontfix On 10/24/2014 08:56 PM, Jonathan Dumke wrote: > Package: qemu-system-common > Version: 2.1+dfsg-5+b1 > Severity: normal > > Dear Maintainer, > > I want to start VMs with cmd like this: > kvm -net bridge -m 1024 ... > but qemu quit alltimes with following output: > failed to parse default acl file `/etc/qemu/bridge.conf' > failed to launch bridge helper
This is because qemu-bridge-helper binary is not setuid-root as upstream ships, because of security issues -- see eg https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691138#10 Marking as wontfix because I don't have time and energy to fix this upstream in a proper way. In short: -net bridge is insecure, you should use -net tap instead (with pre-created tap devices). You can make qemu-bridge-helper setuid root, but see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765936 - let it to serve you as a reminder. Thanks, /mjt -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
