[libvirt-users] qemu-bridge-helper issue

Laine Stump laine at laine.org
Wed Jun 25 14:29:37 UTC 2014 

(Please don't top-post. Instead include your responses inline instead.
It is much easier to follow the conversation and respond to multiple
points that way.

On 06/25/2014 04:16 PM, abhishek jain wrote:
> HI Laine,
>
> Looks like we are able to run qemu-bridge-helper and it internally
> tries to create tap interface.
> While creating this tap interface we are getting Operation not
> permitted error:
> *
> *
> *failed to create tun device: Operation not permitted
>
> *
> How we can create tun interface without root user is the issue. Please
> let us know how to proceed on this.

That's what I've tried to tell you in the last two responses, and you
haven't given any new information about whether or not 1) your binary
has the suid bit set, or 2) you tried setting it. If you don't
understand why that would help, please read up on the "suid bit" and
what it does.

If you have set the suid bit of the binary, and have checked the web
page I indicated, compared your /etc/qemu/bridge.conf, and found that it
had proper content to satisfy the ACL requirements of
qemu-bridge-helper, but it still doesn't work, then you'll need to go to
a qemu-specific help source, such as the #qemu channel on irc.oftc.net -
libvirt doesn't do anything directly with the qemu-bridge-helper (and
aside from that, you are apparently not even using libvirt, but are
instead running qemu/kvm directly.)


>
>
>
>
> On Wed, Jun 25, 2014 at 6:21 PM, Laine Stump <laine at laine.org
> <mailto:laine at laine.org>> wrote:
>
>     On 06/25/2014 03:28 PM, abhishek jain wrote:
>>     Hi Laine
>>
>>     I'm able to run the qemu-bridge-helper but with root authority.
>>     I need to run it with non-root user.How can i do that?
>
>     The entire point of qemu-bridge-helper is that it can be run by
>     non-privileged users, but once run it has root privileges. This is
>     done by the binary having the "suid bit" set. If your distro
>     didn't install it this way, that is a bug (an ls -l of the binary
>     should show "rwsr-xr-x" permissions) . You can fix it with the
>     chmod command (e.g. "chmod 4755 /usr/libexec/qemu-bridge-helper").
>     If that is what was broken, and you used the distro-built package,
>     you should report it as a bug to the distro's bug tracking system.
>
>     Beyond that, you need to read about the qemu-bridge-helper ACL
>     file in the link I originally gave (along with other info you can
>     find with a google search).
>
>
>>
>>     Thanks
>>
>>
>>     On Wed, Jun 25, 2014 at 5:43 PM, Laine Stump <laine at laine.org
>>     <mailto:laine at laine.org>> wrote:
>>
>>         On 06/25/2014 10:22 AM, abhishek jain wrote:
>>         > Hi
>>         >
>>         > I'm able to run the below command using root permission....
>>         >
>>         >  sudo kvm -netdev bridge,br=qbr0ccdca50-fa,id=hostnet -M
>>         ppce500
>>         > Warning: netdev hostnet has no peer
>>         > Could not initialize SDL(No available video device) - exiting
>>         >
>>         >
>>         > However when I'm running the same command without root
>>         authority,I'm
>>         > getting following logs...
>>         >
>>         >  kvm -netdev bridge,br=qbr0ccdca50-fa,id=hostnet -M ppce500
>>         > failed to create tun device: Operation not permitted
>>         > failed to launch bridge helper
>>         > kvm: -netdev bridge,br=qbr0ccdca50-fa,id=hostnet: Device
>>         'bridge'
>>         > could not be initialized
>>         >
>>         >
>>         > I need to run the above command without root
>>         authority.Please help
>>         > regarding this.
>>
>>         Search for qemu-bridge-helper and you should find information
>>         about the
>>         ACL file that needs to be setup for this to work properly.
>>         For example,
>>         this has a short description, but doesn't sound like it's
>>         intended to be
>>         the final authority:
>>
>>           http://wiki.qemu.org/Features/HelperNetworking
>>
>>
>>
>>
>>     _______________________________________________
>>     libvirt-users mailing list
>>     libvirt-users at redhat.com <mailto:libvirt-users at redhat.com>
>>     https://www.redhat.com/mailman/listinfo/libvirt-users
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/libvirt-users/attachments/20140625/9594b7e8/attachment.htm>

More information about the libvirt-users mailing list