<div dir="ltr">Thanks, apparmour was the issue.<br></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Mon, Aug 12, 2013 at 3:18 AM, Daniel P. Berrange <span dir="ltr"><<a href="mailto:berrange@redhat.com" target="_blank">berrange@redhat.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="HOEnZb"><div class="h5">On Sat, Aug 10, 2013 at 08:33:17PM -0600, Joshua McKee wrote:<br>
> Sorry, I accidentally hit send before I was done. Here's the finished<br>
> message:<br>
><br>
> Thanks! Unfortunately, I am running into the following issue when<br>
> attempting to use the generic ethernet configuration:<br>
><br>
> $ virsh -c qemu:///system create /tmp/generic.xml<br>
> error: Failed to create domain from /tmp/generic.xml<br>
> error: internal error process exited while connecting to monitor: kvm:<br>
> -netdev tap,id=hostnet0: could not configure /dev/net/tun: Operation not<br>
> permitted<br>
> kvm: -netdev tap,id=hostnet0: Device 'tap' could not be initialized<br>
><br>
> This is the network part of my xml file:<br>
><br>
> ...<br>
> <devices><br>
>    <interface type="ethernet"/><br>
>    ...<br>
>    <interface type="ethernet'><br>
>       <target dev="tap0"/><br>
>       <script path='/etc/qemu-ifup'/><br>
>    </interface><br>
>    ...<br>
> </devices><br>
> ...<br>
><br>
> In my /etc/libvirt/qemu.conf file I have the following set:<br>
><br>
> user = "root"<br>
> group ="root"<br>
> dynamic ownership = 0<br>
> clear_emulator_capabilities = 0<br>
> cgroup_device_acl = [<br>
>     "/dev/null", "/dev/full", "/dev/zero",<br>
>     "/dev/random", "/dev/urandom",<br>
>     "/dev/ptmx", "/dev/kvm", "/dev/kqemu",<br>
>     "/dev/rtc", "/dev/hpet",<br>
>     "/dev/net/tun",<br>
> ]<br>
<br>
</div></div>You did restart libvirtd after making those setting changes, right ?<br>
The user, group & clear_emulator_capabilities settings are the 3 that<br>
matter here & you have them correctly set.<br>
<div class="im"><br>
> I am running Ubuntu 12, which does not use SELinux.<br>
<br>
</div>It has apparmour though, which possibly denies access to /dev/net/tun<br>
<div class="HOEnZb"><div class="h5"><br>
Daniel<br>
--<br>
|: <a href="http://berrange.com" target="_blank">http://berrange.com</a>      -o-    <a href="http://www.flickr.com/photos/dberrange/" target="_blank">http://www.flickr.com/photos/dberrange/</a> :|<br>
|: <a href="http://libvirt.org" target="_blank">http://libvirt.org</a>              -o-             <a href="http://virt-manager.org" target="_blank">http://virt-manager.org</a> :|<br>
|: <a href="http://autobuild.org" target="_blank">http://autobuild.org</a>       -o-         <a href="http://search.cpan.org/~danberr/" target="_blank">http://search.cpan.org/~danberr/</a> :|<br>
|: <a href="http://entangle-photo.org" target="_blank">http://entangle-photo.org</a>       -o-       <a href="http://live.gnome.org/gtk-vnc" target="_blank">http://live.gnome.org/gtk-vnc</a> :|<br>
</div></div></blockquote></div><br></div>