Ken Moffat wrote:
On Sun, Nov 30, 2014 at 02:40:30PM -0600, Bruce Dubbs wrote:
Lfs User wrote:
To use -net nic -net tap (bridging) with qemu as a user I had to also:
chgrp kvm /sbin/ip /usr/sbin/brctl /usr/bin/qemu-system-x86_64
setcap cap_net_admin=eip /usr/sbin/brctl
setcap cap_net_admin=eip /usr/bin/qemu-system-x86_64
setcap cap_net_admin=eip /sbin/ip
This requires libcap. I don't use pam.
I could not get bridging working with dhcpcd (in the host), it kept
timing out. I had to use a static IP address as in the example in the
book. dhcpcd works fine in the VM.
Is there a requirement to run qemu as a non-root user? The capabilities are
really in root's domain.
Running it as a user seems like the correct thing to do. We
already say
| You will need a dedicated group that will contain users (other than
|root) allowed to access the KVM device. Add the group by running the
|following command as the root user:
|
|groupadd -g 61 kvm
Yes, we do that. What do you suggest that we do then? We can change
the group of /usr/bin/qemu* to kvm and set them sgid. We would also
need to do that for /usr/sbin/brctl and /sbin/ip to get networking to work.
Looking at the above, should brctl be moved to /sbin?
-- Bruce
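
A check for the arrangement discussed above, as an added example that is not part of the original thread: a file capability is granted to whoever can execute the file, so this reports whether each capability-bearing binary is still executable by users outside the intended group. It assumes Linux `stat -c` and paths without whitespace; `audit_caps` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example (not from the thread). Reads getcap-style lines on stdin and
# reports who may execute each listed binary. Typical use, as root:
#   getcap /sbin/ip /usr/sbin/brctl /usr/bin/qemu-system-x86_64 | audit_caps kvm
# Both getcap output styles are accepted:
#   "/sbin/ip = cap_net_admin+eip"   (older libcap)
#   "/sbin/ip cap_net_admin=eip"     (newer libcap)
# Assumptions: Linux stat(1) with -c, and paths that contain no whitespace.

audit_caps() {
    # $1 = group that is meant to own the binaries (the thread uses "kvm")
    want_group=$1
    while read -r path rest; do
        [ -n "$path" ] || continue           # skip blank lines
        caps=${rest#= }                      # drop the old-style "= " separator
        if [ ! -e "$path" ]; then
            echo "MISSING $path"
            continue
        fi
        mode=$(stat -c '%a' "$path")         # octal mode string, e.g. 755 or 2750
        group=$(stat -c '%G' "$path")
        other=$(( mode % 10 ))               # last digit = permissions for "other"
        if [ $(( other & 1 )) -ne 0 ]; then
            # Any local user can run it and so obtains the capability.
            echo "WORLD-EXEC $path $caps"
        elif [ "$group" != "$want_group" ]; then
            echo "WRONG-GROUP $path $caps group=$group"
        else
            echo "OK $path $caps"
        fi
    done
}
```

A `WORLD-EXEC` line means the `chgrp` alone did not limit the capability to members of the group; the mode would also need the execute bit for "other" removed (for example 750).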