preflight: Ensure crc network is accessible from session libvirt

This is needed to be able to switch to session libvirt, which will be
through machine-driver-libvirt (See
crc-org/machine-driver-libvirt#20)

cmd/crc/cmd/config/config_linux.go

@@ -28,6 +28,8 @@ var (
 	WarnCheckCrcNetwork              = cfg.AddSetting("warn-check-crc-network", nil, []cfg.ValidationFnType{cfg.ValidateBool}, []cfg.SetFn{cfg.SuccessfullyApplied})
 	SkipCheckCrcNetworkActive        = cfg.AddSetting("skip-check-crc-network-active", nil, []cfg.ValidationFnType{cfg.ValidateBool}, []cfg.SetFn{cfg.SuccessfullyApplied})
 	WarnCheckCrcNetworkActive        = cfg.AddSetting("warn-check-crc-network-active", nil, []cfg.ValidationFnType{cfg.ValidateBool}, []cfg.SetFn{cfg.SuccessfullyApplied})
+	SkipCheckCrcBridgePermissions    = cfg.AddSetting("skip-check-crc-network-permissions", nil, []cfg.ValidationFnType{cfg.ValidateBool}, []cfg.SetFn{cfg.SuccessfullyApplied})
+	WarnCheckCrcBridgePermissions    = cfg.AddSetting("warn-check-crc-network-permissions", nil, []cfg.ValidationFnType{cfg.ValidateBool}, []cfg.SetFn{cfg.SuccessfullyApplied})
 	SkipCheckCrcDnsmasqFile          = cfg.AddSetting("skip-check-crc-dnsmasq-file", nil, []cfg.ValidationFnType{cfg.ValidateBool}, []cfg.SetFn{cfg.SuccessfullyApplied})
 	WarnCheckCrcDnsmasqFile          = cfg.AddSetting("warn-check-crc-dnsmasq-file", nil, []cfg.ValidationFnType{cfg.ValidateBool}, []cfg.SetFn{cfg.SuccessfullyApplied})
 	SkipCheckCrcNetworkManagerConfig = cfg.AddSetting("skip-check-network-manager-config", nil, []cfg.ValidationFnType{cfg.ValidateBool}, []cfg.SetFn{cfg.SuccessfullyApplied})

pkg/crc/preflight/preflight_checks_linux.go

@@ -44,6 +44,11 @@ server=/crc.testing/192.168.130.11
 dns=dnsmasq
 `
 	libvirtDriverDownloadURL = fmt.Sprintf("https://github.com/code-ready/machine-driver-libvirt/releases/download/%s/crc-driver-libvirt", libvirtDriverVersion)
+	qemuBridgeConfig         = "allow crc"
+	qemuBridgeConfigPaths    = []string{
+		"/etc/qemu/bridge.conf",     // Upstream
+		"/etc/qemu-kvm/bridge.conf", // RHEL
+	}
 )
 
 func checkVirtualizationEnabled() error {
@@ -392,6 +397,44 @@ func fixLibvirtCrcNetworkActive() error {
 	return nil
 }
 
+func checkLibvirtCrcBridgePermissions() error {
+	logging.Debug("Checking if 'crc' bridge has appropriate permissions setup")
+	configPath, err := crcos.GetFirstExistentPath(qemuBridgeConfigPaths[:])
+	if err != nil {
+		return fmt.Errorf("Failed to find Qemu bridge configuration file: %s", err)
+	}
+
+	config, err := ioutil.ReadFile(filepath.Clean(configPath))
+	if err != nil {
+		return fmt.Errorf("Failed to read %s: %v", configPath, err)
+	}
+	regex := regexp.MustCompile(fmt.Sprintf("(?m)(\n|^)[[:space:]]*%s[[:space:]]*(\n|$)", qemuBridgeConfig))
+	if !regex.Match(config) {
+		return fmt.Errorf("Unpriviledged access to crc network is not allowed")
+	}
+	logging.Debug("The 'crc' bridge can be used by qemu-bridge-helper/session libvirt")
+	return nil
+}
+
+func fixLibvirtCrcBridgePermissions() error {
+	logging.Debug("Fixing permissions for 'crc'")
+	configPath, err := crcos.GetFirstExistentPath(qemuBridgeConfigPaths[:])
+	if err != nil {
+		return fmt.Errorf("Failed to find Qemu bridge configuration file: %s", err)
+	}
+
+	err = crcos.AppendToFileAsRoot(
+		"Allow 'crc' network to be used from session libvirt",
+		fmt.Sprintf("%s\n", qemuBridgeConfig),
+		configPath,
+	)
+	if err != nil {
+		return fmt.Errorf("Failed to write to %s: %v", configPath, err)
+	}
+	logging.Debug("The 'crc' bridge can now be used by qemu-bridge-helper/session libvirt")
+	return nil
+}
+
 func checkCrcDnsmasqConfigFile() error {
 	logging.Debug("Checking dnsmasq configuration")
 	c := []byte(crcDnsmasqConfig)

pkg/crc/preflight/preflight_linux.go

@@ -80,6 +80,13 @@ var libvirtPreflightChecks = [...]PreflightCheck{
 		fixDescription:   "Starting libvirt 'crc' network",
 		fix:              fixLibvirtCrcNetworkActive,
 	},
+	{
+		configKeySuffix:  "check-crc-network-permission",
+		checkDescription: "Checking for appropriate permissions on 'crc' network",
+		check:            checkLibvirtCrcBridgePermissions,
+		fixDescription:   "Setting appropriate permissions on 'crc' network",
+		fix:              fixLibvirtCrcBridgePermissions,
+	},
 	{
 		configKeySuffix:  "check-network-manager-installed",
 		checkDescription: "Checking if NetworkManager is installed",