[libvirt-users] qemu-bridge-helper issue

Laine Stump laine at laine.org
Wed Jun 25 12:51:01 UTC 2014 

On 06/25/2014 03:28 PM, abhishek jain wrote:
> Hi Laine
>
> I'm able to run the qemu-bridge-helper but with root authority.
> I need to run it with non-root user.How can i do that?

The entire point of qemu-bridge-helper is that it can be run by
non-privileged users, but once run it has root privileges. This is done
by the binary having the "suid bit" set. If your distro didn't install
it this way, that is a bug (an ls -l of the binary should show
"rwsr-xr-x" permissions) . You can fix it with the chmod command (e.g.
"chmod 4755 /usr/libexec/qemu-bridge-helper"). If that is what was
broken, and you used the distro-built package, you should report it as a
bug to the distro's bug tracking system.

Beyond that, you need to read about the qemu-bridge-helper ACL file in
the link I originally gave (along with other info you can find with a
google search).


>
> Thanks
>
>
> On Wed, Jun 25, 2014 at 5:43 PM, Laine Stump <laine at laine.org
> <mailto:laine at laine.org>> wrote:
>
>     On 06/25/2014 10:22 AM, abhishek jain wrote:
>     > Hi
>     >
>     > I'm able to run the below command using root permission....
>     >
>     >  sudo kvm -netdev bridge,br=qbr0ccdca50-fa,id=hostnet -M ppce500
>     > Warning: netdev hostnet has no peer
>     > Could not initialize SDL(No available video device) - exiting
>     >
>     >
>     > However when I'm running the same command without root authority,I'm
>     > getting following logs...
>     >
>     >  kvm -netdev bridge,br=qbr0ccdca50-fa,id=hostnet -M ppce500
>     > failed to create tun device: Operation not permitted
>     > failed to launch bridge helper
>     > kvm: -netdev bridge,br=qbr0ccdca50-fa,id=hostnet: Device 'bridge'
>     > could not be initialized
>     >
>     >
>     > I need to run the above command without root authority.Please help
>     > regarding this.
>
>     Search for qemu-bridge-helper and you should find information
>     about the
>     ACL file that needs to be setup for this to work properly. For
>     example,
>     this has a short description, but doesn't sound like it's intended
>     to be
>     the final authority:
>
>       http://wiki.qemu.org/Features/HelperNetworking
>
>
>
>
> _______________________________________________
> libvirt-users mailing list
> libvirt-users at redhat.com
> https://www.redhat.com/mailman/listinfo/libvirt-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/libvirt-users/attachments/20140625/44ea0bdf/attachment.htm>

More information about the libvirt-users mailing list