qemu discuss - Mar 2008 - Qemu 0.8.2 v Qemu 0.9.0 v VirtualBox

After using the OpenSolaris project download of Qemu 0.8.2 (with and without
Kqemu 64bit), Thoughtwave (32bit)  build of Qemu 0.9.0 and VirtualBox (beta) to
run Win98SE and Win2K on the same machine but sequentially (Dual Opteron 2218
with 8GB)
Once VirtualBox has a full release for OpenSolaris/Solaris with audio support
then it would be my preferrence for running Win98SE. Qemu 0.8.2 with Kqemu would
cause Solaris 10 to freeze requiring a power off to recover. Without Kqemu being
enabled then Windows 98SE would run without problem.
However, Qemu would be my preference for running Win2K as I found the
installation quicker, the Kqemu accelerator does improve performance. My reason
for running Win98 is to run some old software which is still fit for purpose.
Win2K is required for Checkpoint''s SecureClient but this requires Qemu
to have a unrestricted network connection, which I have attempted to get
working.
Providing an unrestricted network connection to virtual machines by default is
not secure, but is it possible to provide OpenSolaris/Solaris with a network
interface mechanism such that :-

1. Root can enable a virtual interface class and assign that class to a physical
interface.
2. Root can create a instance of that virtual interface class to give an
<interfaceN>, by default
    a stateful inspection firewall rule would be imposed of allowing all
outgoing traffic.
3. Root can then modify or delete the firewall rule on that <interfaceN>,
it would be useful to
    a predefined list of useful rules
4. Root can then use RBAC to give the a specific user RW access to
<interfaceN> for use
    with the virtual machine.
--
This message posted from opensolaris.org

On Sat, Mar 8, 2008 at 7:06 AM, russell aspinwall <
russell.aspinwall at flomerics.co.uk> wrote:
> After using the OpenSolaris project download of Qemu 0.8.2 (with and
> without Kqemu 64bit), Thoughtwave (32bit)  build of Qemu 0.9.0 and
> VirtualBox (beta) to run Win98SE and Win2K on the same machine but
> sequentially (Dual Opteron 2218 with 8GB)

Not sure why you wouldn''t try the 0.9.1 on Thoughtwave (though there is
no
32-bit i386 build in the package, and it was compiled on OpenSolaris).  It
by far has the most features available, including support for Tun/Tap
which allows unrestricted network access.

Once VirtualBox has a full release for OpenSolaris/Solaris with
audio
> support then it would be my preferrence for running Win98SE. Qemu 0.8.2with
Kqemu would cause Solaris 10 to freeze requiring a power off to
> recover. Without Kqemu being enabled then Windows 98SE would run without
> problem.

Early versions of  kqemu had problems with  16-bit OS''s like win98se. 
Works
fine with *current* release of  qemu.

> However, Qemu would be my preference for running Win2K as I found the
> installation quicker, the Kqemu accelerator does improve performance. My
> reason for running Win98 is to run some old software which is still fit for
> purpose. Win2K is required for Checkpoint''s SecureClient but this
requires
> Qemu to have a unrestricted network connection, which I have attempted to
> get working.

As noted above, unrestricted network access is only available in  0.9.1, or
a CVS drop from last february *after* 0.9.0 was released.

Providing an unrestricted network connection to virtual machines by
default
> is not secure, but is it possible to provide OpenSolaris/Solaris with a
> network interface mechanism such that :-
>
> 1. Root can enable a virtual interface class and assign that class to a
> physical interface.
>
> 2. Root can create a instance of that virtual interface class to give an
> <interfaceN>, by default
>    a stateful inspection firewall rule would be imposed of allowing all
> outgoing traffic.
> 3. Root can then modify or delete the firewall rule on that
<interfaceN>,
> it would be useful to
>    a predefined list of useful rules
> 4. Root can then use RBAC to give the a specific user RW access to
> <interfaceN> for use
>    with the virtual machine.

If you want to add VNIC support to QEMU, please take it on.  I''ve
already
posted
specifics about how to do unfettered network access.  You are better advised
to
use the guest OS''s firewalling capabilities in the meantime if you
concerned
about
the security issues related to a unfettered network access a QEMU guest
might
incur, rather than suggesting a fairly large engineering effort to do what
you
asked above.

In the meantime, if you want to take on converting the qemu_sol_tap script
from setuid root to RBAC, please feel free.

Ben
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://mail.opensolaris.org/pipermail/qemu-discuss/attachments/20080308/51146acf/attachment.html>