[libvirt] running with UID != 0: internal error about bridged network

Harald Dunkel harald.dunkel at aixigo.de
Wed Aug 5 12:51:14 UTC 2009 

Hi folks,

I would like to avoid running the virtual hosts with UID=0.
But if I try to create a new virtual machine without being
root, then it fails with

% name=Lenny_amd64
% kvmdir=/local/kvm
% mkdir -p $kvmdir/$name
% qemu-img create -f qcow2 $kvmdir/$name/hda.qcow2 32G
Formatting '/local/kvm/Lenny_amd64/hda.qcow2', fmt=qcow2, size=33554432 kB
% virt-install --connect=qemu:///session -n $name -r 1024 -vcpus=1 -f $kvmdir/$name/hda.qcow2 --network=bridge:br0 --vnc --accelerate -v -c /usr/local/source/hdunkel/debian-502-i386-netinst.iso --os-type=linux --os-variant=debianLenny
14:18:35.586: warning : Cannot set group when not running as root
14:18:35.757: error : Domain not found: no domain with matching name 'Lenny_amd64'
libvir: QEMU error : Domain not found: no domain with matching name 'Lenny_amd64'


The log file shows

[Wed, 05 Aug 2009 14:18:35 virt-install 14229] ERROR (virt-install:786) internal error Failed to add tap interface 'vnet%d' to bridge 'br0' : Operation not permitted
Traceback (most recent call last):
   File "/usr/bin/virt-install", line 780, in <module>
     main()
   File "/usr/bin/virt-install", line 678, in main
     start_time, guest.start_install)
   File "/usr/bin/virt-install", line 733, in do_install
     dom = install_func(conscb, progresscb, wait=(not wait))
   File "/var/lib/python-support/python2.5/virtinst/Guest.py", line 541, in start_install
     return self._do_install(consolecb, meter, removeOld, wait)
   File "/var/lib/python-support/python2.5/virtinst/Guest.py", line 633, in _do_install
     self.domain = self.conn.createLinux(install_xml, 0)
   File "/usr/lib/python2.5/site-packages/libvirt.py", line 892, in createLinux
     if ret is None:raise libvirtError('virDomainCreateLinux() failed', conn=self)
libvirtError: internal error Failed to add tap interface 'vnet%d' to bridge 'br0' : Operation not permitted



Of course an unprivileged user is not allowed to mess around
with the network interfaces, but since it says "internal error"
I wonder how this is supposed to work? Is there something
misconfigured?


Any helpful comments would be highly appreciated

Harri

More information about the libvir-list mailing list