Only tap interface access matters. Not sure about best practice, but I just add my user to the nvmm group to access the /dev/nvmm device and use usermode networking in QEMU. This works with a regular user. For the real bridged network (when vm is seen as a real host and can be pinged) you should either have rw access to the /dev/tap[0123] or run QEMU as root.
чт, 3 июл. 2025 г., 06:00 Brook Milligan <br...@biology.nmsu.edu>: > > > On Jul 2, 2025, at 17:40, Vitaly Shevtsov <shev.vt1...@gmail.com> wrote: > > > > I think you might forget to "up" the tap interface. > > Thanks for pointing that out. Thinking this through, I could have indeed > forgotten that. Many “real” interfaces don’t need it, so I am sometimes > lazy about that. Thanks for the reminder. > > > In short you just need to add your host physical interface and virtual > > tap interface (connected to the guest) to the same bridge: > > ifconfig tap0 create up //chmod a+rw /dev/tap0 to run QEMU as non-root > > ifconfig bridge0 create > > brconfig bridge0 add wm0 add tap0 up > > > > then start QEMU with the following options: > > -netdev tap,id=net0,ifname=tap0,script=no,downscript=no -device > > virtio-net-pci,netdev=net0 > > > > Now your guest can communicate outside the virtual machine. > > Yes, that is what I am now doing. > > Does the user running QEMU matter beyond being able to read the files > (disks, network device, etc.)? > > What is best practice regarding that? > > Cheers, > Brook > >
