preflight: Ensure crc network is accessible from session libvirt

This is needed to be able to switch to session libvirt, which will be
through machine-driver-libvirt (See
crc-org/machine-driver-libvirt#20)

cmd/crc/cmd/config/config_linux.go

@@ -26,6 +26,8 @@ var (
 	WarnCheckCrcNetwork              = cfg.AddSetting("warn-check-crc-network", nil, []cfg.ValidationFnType{cfg.ValidateBool}, []cfg.SetFn{cfg.SuccessfullyApplied})
 	SkipCheckCrcNetworkActive        = cfg.AddSetting("skip-check-crc-network-active", nil, []cfg.ValidationFnType{cfg.ValidateBool}, []cfg.SetFn{cfg.SuccessfullyApplied})
 	WarnCheckCrcNetworkActive        = cfg.AddSetting("warn-check-crc-network-active", nil, []cfg.ValidationFnType{cfg.ValidateBool}, []cfg.SetFn{cfg.SuccessfullyApplied})
+	SkipCheckCrcBridgePermissions    = cfg.AddSetting("skip-check-crc-network-permissions", nil, []cfg.ValidationFnType{cfg.ValidateBool}, []cfg.SetFn{cfg.SuccessfullyApplied})
+	WarnCheckCrcBridgePermissions    = cfg.AddSetting("warn-check-crc-network-permissions", nil, []cfg.ValidationFnType{cfg.ValidateBool}, []cfg.SetFn{cfg.SuccessfullyApplied})
 	SkipCheckCrcDnsmasqFile          = cfg.AddSetting("skip-check-crc-dnsmasq-file", nil, []cfg.ValidationFnType{cfg.ValidateBool}, []cfg.SetFn{cfg.SuccessfullyApplied})
 	WarnCheckCrcDnsmasqFile          = cfg.AddSetting("warn-check-crc-dnsmasq-file", nil, []cfg.ValidationFnType{cfg.ValidateBool}, []cfg.SetFn{cfg.SuccessfullyApplied})
 	SkipCheckCrcNetworkManagerConfig = cfg.AddSetting("skip-check-network-manager-config", nil, []cfg.ValidationFnType{cfg.ValidateBool}, []cfg.SetFn{cfg.SuccessfullyApplied})

pkg/crc/preflight/preflight_checks_linux.go

@@ -44,6 +44,11 @@ server=/crc.testing/192.168.130.11
 dns=dnsmasq
 `
 	libvirtDriverDownloadURL = fmt.Sprintf("https://github.com/code-ready/machine-driver-libvirt/releases/download/%s/crc-driver-libvirt", libvirtDriverVersion)
+	qemuBridgeConfig         = "allow crc"
+	qemuBridgeConfigPaths    = [2]string{
+		"/etc/qemu/bridge.conf",     // Upstream
+		"/etc/qemu-kvm/bridge.conf", // RHEL
+	}
 )
 
 func checkVirtualizationEnabled() (bool, error) {
@@ -392,6 +397,44 @@ func fixLibvirtCrcNetworkActive() (bool, error) {
 	return true, nil
 }
 
+func checkLibvirtCrcBridgePermissions() (bool, error) {
+	logging.Debug("Checking if 'crc' bridge has appropriate permissions setup")
+	configPath, err := crcos.GetReadablePath(qemuBridgeConfigPaths[:])
+	if err != nil {
+		return false, fmt.Errorf("Failed to find Qemu bridge configuration file: %s", err)
+	}
+
+	config, err := ioutil.ReadFile(filepath.Clean(configPath))
+	if err != nil {
+		return false, fmt.Errorf("Failed to read %s: %v", configPath, err)
+	}
+	regex := regexp.MustCompile(fmt.Sprintf("(\n|^)%s", qemuBridgeConfig))
+	if !regex.Match(config) {
+		return false, fmt.Errorf("`crc` network not allowed unprivileged access")
+	}
+	logging.Debug("The 'crc' bridge can be used by qemu-bridge-helper/session libvirt")
+	return true, nil
+}
+
+func fixLibvirtCrcBridgePermissions() (bool, error) {
+	logging.Debug("Fixing permissions for 'crc'")
+	configPath, err := crcos.GetReadablePath(qemuBridgeConfigPaths[:])
+	if err != nil {
+		return false, fmt.Errorf("Failed to find Qemu bridge configuration file: %s", err)
+	}
+
+	err = crcos.AppendToFileAsRoot(
+		"Allow 'crc' network to be used from session libvirt",
+		fmt.Sprintf("%s\n", qemuBridgeConfig),
+		configPath,
+	)
+	if err != nil {
+		return false, fmt.Errorf("Failed to write to %s: %v", configPath, err)
+	}
+	logging.Debug("The 'crc' bridge can now be used by qemu-bridge-helper/session libvirt")
+	return true, nil
+}
+
 func checkCrcDnsmasqConfigFile() (bool, error) {
 	logging.Debug("Checking dnsmasq configuration")
 	c := []byte(crcDnsmasqConfig)

pkg/crc/preflight/preflight_linux.go

@@ -169,6 +169,12 @@ func SetupHost(vmDriver string) {
 		"Starting libvirt 'crc' network",
 		config.GetBool(cmdConfig.WarnCheckCrcNetworkActive.Name),
 	)
+	preflightCheckAndFix(config.GetBool(cmdConfig.SkipCheckCrcBridgePermissions.Name),
+		checkLibvirtCrcBridgePermissions,
+		fixLibvirtCrcBridgePermissions,
+		"Checking for appropriate permissions on 'crc' network",
+		config.GetBool(cmdConfig.WarnCheckCrcBridgePermissions.Name),
+	)
 	preflightCheckAndFix(config.GetBool(cmdConfig.SkipCheckNetworkManagerInstalled.Name),
 		checkNetworkManagerInstalled,
 		fixNetworkManagerInstalled,