[libvirt-users] How to use /dev/net/tun from libvirt-lxc with user namespacing enabled

Thiago Padilha tpadilha84 at gmail.com
Wed Jan 31 10:57:27 UTC 2018

On Wed, Jan 31, 2018 at 6:18 AM, Daniel P. Berrangé <berrange at redhat.com> wrote:
> That config makes the filesystem containing the device node visible, but
> does not grant access to device nodes themselves.
> You instead need device passthrough
> <hostdev mode='capabilities' type='misc'>
>   <source>
>     <char>/dev/net/tun</char>
>   </source>
> </hostdev>

Just tried adding the suggested <hostdev> snippet but /dev/net/tun is
still not accessible:

    $ cat /dev/net/tun
    cat: /dev/net/tun: Operation not permitted

Whereas outside the container, or when in LXD or systemd-nspawn, I see:

    $ cat /dev/net/tun
    cat: /dev/net/tun: File descriptor in bad state

(Which is the expected output)
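
Added example, not part of the original message: a small Python probe that reports whether stat(), open() or read() is the step that fails on the TUN node, since the two `cat` errors above normally arise at different syscalls. The function names are hypothetical, and the errno interpretations in the table are this example's own summary of common Linux behaviour, not libvirt output.

```python
#!/usr/bin/env python3
"""Show which syscall fails on a TUN node and what that errno usually means."""
import errno
import os
import stat
import sys

# Assumption: these readings summarise common Linux behaviour for char devices.
VERDICTS = {
    ("stat", "ENOENT"): "node not visible in this mount namespace",
    ("open", "EPERM"): "open refused: typical of a device-cgroup denial",
    ("open", "EACCES"): "open refused: file mode/ownership or a nodev mount",
    ("open", "ENODEV"): "node present but the tun driver is not available",
    ("open", "ENXIO"): "node present but the tun driver is not available",
    ("read", "EBADFD"): "device usable: no interface attached yet (expected)",
}

def classify(stage, err_name):
    """Map (failing syscall, errno name) to a short diagnosis."""
    return VERDICTS.get((stage, err_name), f"unexpected {err_name} from {stage}()")

def probe(path="/dev/net/tun"):
    """Return (stage, errno name or None, verdict) for the first failing step."""
    def fail(stage, exc):
        name = errno.errorcode.get(exc.errno, str(exc.errno))
        return stage, name, classify(stage, name)
    try:
        mode = os.stat(path).st_mode
    except OSError as exc:
        return fail("stat", exc)
    if not stat.S_ISCHR(mode):
        return "stat", None, "path exists but is not a character device"
    try:
        fd = os.open(path, os.O_RDONLY | os.O_NONBLOCK)  # cat also opens read-only
    except OSError as exc:
        return fail("open", exc)
    try:
        os.read(fd, 1)  # an unattached TUN fd fails here with EBADFD
    except OSError as exc:
        return fail("read", exc)
    finally:
        os.close(fd)
    return "read", None, "read succeeded: this is not an unconfigured TUN device"

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "/dev/net/tun"
    print(target, *probe(target), sep=" | ")
```

Run it both on the host and inside the container: a result at the open stage points at access control on the device node, while EBADFD at the read stage matches the expected output quoted above.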
