On Thu, 2010-12-16 at 21:08 +0300, Michael Tokarev wrote:
> 16.12.2010 20:40, Yves-Alexis Perez wrote:
> > Package: qemu-kvm
> > Version: 0.12.5+dfsg-5
> > Severity: important
> >
> > Hey,
> >
> > I'm experiencing a weird problem with kvm. It seems that network scripts
> > aren't run at all, and an internal script is always used, which won't
> > work as user:
> >
> > yape...@oban: kvm -net nic -net tap
> > could not configure /dev/net/tun: Operation not permitted
>
> There's no such thing as "internal script". By default qemu - given
> -net tap as above - _creates_ a network device, and runs the script
> specified only _after_ the device is created. Here, you don't have
> permission to _create_ a network device to start with.

The various howtos found on the net seem to indicate the script is
responsible for creating the device. See
http://en.wikibooks.org/wiki/QEMU/Networking for example.

>
> > running it as root or through sudo works fine.
> >
> > By default, manpage says it should use /etc/kvm/kvm-ifup script, which
> > doesn't do anything tun related, which means it's done inside kvm
> > itself.
>
> The script runs against already created tap device - created either
> by qemu itself, or pre-created (and given with ifname=NNN to qemu).

Ok so passing ifname=NNN should prevent the device from being created by kvm.

> There's no point or ability to _create_ a tap device _inside_ the
> script - because it has the same permissions anyway, and because
> now there's no way to pass the tap device back to qemu.

I thought the name was given as an argument to the script, so qemu
already knows it. And that means it's possible to gain root in the
script using sudo.

>
> > Using script=no fixes the problem but means one has to setup everything
> > himself.
>
> Fixes which problem? Qemu still needs the tap device - either created
> internally or pre-created.

I meant that when passing script=no, qemu didn't try to create the tap
device itself, but that's wrong, it's when I used ifname=foo.

>
> Qemu does nothing with the tap device it created (or took from ifname=XXX)
> except for "connecting" it to guest. Everything else is done outside -
> either in the script or by external means. And the steps necessary
> to use this device on the host side do not depend on who created
> the tap device.
>
> If you want to run it as non-root you may pre-create a tap device
> before running qemu, and give certain user or group access to it.
> You may pre-configure it too, by adding to an appropriate bridge
> or setting up routing.
>
> Closing this bug right away, which was due to either invalid usage
> or some misunderstanding of how things work.

Yeah, sorry.
I still think there's a valid bug against the documentation, which is a
bit scarce on the tap stuff. Sorry for bothering.

Regards,
--
Yves-Alexis
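
The non-root setup described in the quoted reply, written out as an added example (not part of the original message and not qemu-kvm's own scripts): root pre-creates a tap device owned by one user, and that user then starts the guest with `ifname=` and `script=no`. The names `tap0` and `br0`, the `DRY_RUN` switch, the function names and the use of iproute2's `ip tuntap` are assumptions.

```shell
#!/bin/sh
# Added example: split tap setup (root, once) from running the guest
# (unprivileged). tap0, br0 and DRY_RUN are assumed names.

# Print the command when DRY_RUN is set, otherwise execute it.
run() {
    if [ -n "${DRY_RUN:-}" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Interface names must fit IFNAMSIZ (15 chars + NUL) and are handed to
# root-run commands, so accept only a conservative character set.
valid_ifname() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# Privileged step: create a persistent tap owned by user $2, optionally
# attach it to bridge $3, and bring it up.
tap_precreate() {
    tap=$1 owner=$2 bridge=${3:-}
    valid_ifname "$tap" || { echo "bad tap name: $tap" >&2; return 2; }
    if [ -n "$bridge" ]; then
        valid_ifname "$bridge" || { echo "bad bridge name: $bridge" >&2; return 2; }
    fi
    run ip tuntap add dev "$tap" mode tap user "$owner" || return 1
    if [ -n "$bridge" ]; then
        run ip link set dev "$tap" master "$bridge" || return 1
    fi
    run ip link set dev "$tap" up
}

# Unprivileged step: qemu attaches to the existing device; script=no
# because the host side is already configured.
guest_start() {
    tap=$1; shift
    valid_ifname "$tap" || { echo "bad tap name: $tap" >&2; return 2; }
    run kvm -net nic -net "tap,ifname=$tap,script=no" "$@"
}
```

Run `tap_precreate tap0 "$USER" br0` once as root, then `guest_start tap0` as the owning user; setting `DRY_RUN=1` prints the commands instead of executing them.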