[Bug 1724441] Re: No external network access for VMs

Tue, 24 Oct 2017 02:01:56 -0700 

Hi,
thanks Michael for the report.
Looking into this from the libvirt POV.

This is - on the virtualization side - a known limitation of qemu:///session
Here an example to show the basics.

I first started with a test to confirm/debug the issue

test xml describing a most basic nat network:

# cat testnet.xml 
<network>
  <name>testnet</name>
  <forward mode='nat'>
    <nat>
      <port start='1024' end='65535'/>
    </nat>
  </forward>
  <bridge name='testnetbr0' stp='on' delay='0'/>
  <ip address='192.168.123.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.123.2' end='192.168.123.254'/>
    </dhcp>
  </ip>
</network>


That works fine in a normal lifecycle in qemu:///system.
 $ virsh -c qemu:///system net-destroy testnet
 $ virsh -c qemu:///system net-start testnet
 $ virsh -c qemu:///system net-destroy testnet
 $ virsh -c qemu:///system net-undefine testnet

It also works fine if running on qemu:///session as root, but if being a normal 
user that fails on the "net-start" action. The reason for this is a lack of 
permissions of the normal user to e.g. define the bridge. In detail you see 
like:
 $ virsh -c qemu:///session net-start testnet
 error: Failed to start network testnet
 error: error creating bridge interface testnetbr0: Operation not permitted

Now there is a way to resolve that usually in the form of 
"/usr/lib/qemu/qemu-bridge-helper".
This is a special tool provided, but not further enabled/preconfigured mostly 
for:
a) being an uncommon case
b) security concerns
So an admin (or another program using it) has to it set up as needed

I wonder if gnome-boxes did something about/with it before which now
doesn't work - but if so I don't know what - sorry.

If this is an issue in libvirt I'd need more details what worked before and 
failed now.
Maybe you or some gnome people can uncover that?

Some references on the general topic:
https://wiki.qemu.org/Features/HelperNetworking
http://jonaspfannschmidt.com/libvirt_session.html
http://isonprojects.com/qemu-bridge-network-in-ubuntu-14-04/

** Changed in: libvirt (Ubuntu)
       Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1724441

Title:
  No external network access for VMs

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnome-boxes/+bug/1724441/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to