[libvirt-users] Controlling the name of the 'tap0' device, in a bridged networking setup
Laine Stump
laine at laine.org
Tue Jan 17 19:46:27 UTC 2017
On 01/14/2017 06:30 AM, Govert wrote:
> Hi,
>
> I'm trying to control the name of the 'tap0' device that gets created
> as I start a domain that uses bridged networking. The XML
> specification of the domain contains the following configuration
>
> <interface type='bridge'>
> <source bridge='br0'/>
> </interface>
>
> The libvirt documentation
> (http://libvirt.org/formatdomain.html#elementsNICSBridge) and other
> discussions online tell me that I just need to include the <target
> dev='desired_dev_name'/> tag in the XML specification of the domain
> under the <interface> tag. Unfortunately doing so appears to have no
> effect; the tun device created and 'enslaved' in the bridge is still
> called 'tap0'. Interestingly, I never get a tun device with a name
> prefixed by 'vnet' or 'vif' which, according to the documentation, is
> the default behaviour (?). The host is running CentOS 7, and virsh is
> used to start the domain.
This is because you're running virsh as a non-privileged user (rather
than root) and so are connecting to that user's personal non-privileged
libvirtd (aka qemu:///session) rather than the system's privileged
libvirtd (qemu:///system). When using qemu:///session, libvirtd is
unable to create tap devices itself (because it doesn't have sufficient
privilege for it), so it executes qemu-bridge-helper (from the qemu
package) requesting that a tap device be created and attached to the
bridge device specified on its commandline. Unfortunately,
qemu-bridge-helper doesn't provide any way to specify the tap device
name, so you get what it decides to give you (which happens to be "tap%d").
If you want more control over the name of the tap device (and many other
things), you should look into using qemu:///system. That may seem less
secure, but libvirt actually does a very good job of confining the qemu
process - after setting up all the resources that will be needed (which
are labeled with an selinux context unique to this particular guest) and
setting up cgroups to limit use of system resources, it switches to a
different (non-privileged) uid and drops all capabilities before
exec'ing qemu.
(Note that, even if you're using qemu:///system, any manually-specified
tap device name that starts with "vnet" will be discarded (it assumes
that it is an auto-generated name left over from a previous run, or from
plugging a domain's status XML into virsh define)).
More information about the libvirt-users
mailing list