16.12.2010 22:40, Yves-Alexis Perez wrote: [] >> There's no such thing as "internal script". By default qemu - given >> -net tap as above - _creates_ a network device, and runs the script >> specified only _after_ the device is created. Here, you don't have >> permission to _create_ a network device to start with. > > The various howtos found on the net seem to indicate the script is > responsible for creating the device. See > http://en.wikibooks.org/wiki/QEMU/Networking for example.
We can't be responsible for every error in every internet publication out there. The above wiki page is wrong in that it's wrong to _create_ the tap device inside the configuration script. [] >> The script runs against already created tap device - created either >> by qemu itself, or pre-created (and given with ifname=NNN to qemu). > > Ok so passing ifname=NNN should prevent the device to be created by kvm. No. qemu will create a device if it's not already exist, be it a named or randomly-numbered one. >> There's no point or ability to _create_ a tap device _inside_ the >> script - because it has the same permissions anyway, and because >> now there's no way to pass the tap device back to qemu. > > I thought the name was given has an argument to the script, so qemu > already knows it. And that means it's possible to gain root in the > script using sudo. Yes, the iface name is passed as first argument to the script, because qemu has it created and open at the time when the script is run. >>> Using script=no fixes the problem but means one has to setup everything >>> himself. >> >> Fixes which problem? Qemu still need the tap device - either created >> internally or pre-created. > > I meant that when passing script=no, qemu didn't try to create the tap > device itself, but that's wrong, it's when I used ifname=foo. And you're wrong again. Qemu needs a working tap device, - either pre-created or created by qemu itself, no matter if you use ifname=foo or script=foo or script=no. /mjt -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]

