For working exam-mode we need to block direct internet access by firewall.
Users have to use squid-proxy on firewall, which can be disabled for exam-users.
To allow VM-traffic (anonymous user), we use a local squid server with users
kerberos-ticket to authenticate on the parent squid.
When using VMs on teacherdevices offsite, the local squid has to use direct internet access.
So we need two squid configs. When switching between offsite and onsite,
the squid has to be restartet with corresponding config.
Some Windows programs have problems with virtiofsd drives.
So that the appropriate SMB shares can be mounted directly in Windows,
a corresponding list of network drives is created before the VM starts.
- The new virtiofsd provides the ability to map a specified
UID and GID to that of the user when running in user mode.
As a result, virtiofsd is moved to userland for VMs and
the new -uid and -gid options are introduced that specify
the IDs on the guest.New v
- The drives no longer have to be mounted with the group ID 1010.
Therefore, the mount options are changed to the real group ID
Systemd-networkd is no longer used.
NetworkManager creates a MACVTAP device for each physical Ethernet device.
When calling vm-run with option macvtap, all macvtap-devices are passed to the VM.
