Bug 699817 - Guests not starting using interface type= ethernet (could not configure /dev/net/tun : Operation not permitted
Status: CLOSED WONTFIX
Product: Fedora
Classification: Fedora
Component: libvirt
Version: 14
Hardware: x86_64 Linux
Priority: unspecified, Severity: urgent
Assigned To: Libvirt Maintainers
QA Contact: Fedora Extras Quality Assurance
Reported: 2011-04-26 12:42 EDT by Muzi
Modified: 2012-01-24 17:40 EST (History)
Doc Type: Bug Fix
Last Closed: 2012-01-24 17:40:21 EST
Description Muzi 2011-04-26 12:42:16 EDT
Description of problem:

VMs not starting using interface type = ethernet


Version-Release number of selected component (if applicable): 0.8.3-9


How reproducible:

100%

Steps to Reproduce:
1. Configure /etc/libvirt/qemu.conf with user != root
2. Start guest using interface type = ethernet
3.
  
Actual results:
Guest startup fails with the error below:

[root@myhost ~]# virsh start vm-1
error: Failed to start domain vm-1
qemu-kvm: -net tap,ifname=tap5,script=/etc/KVM/vm-1.sh,vlan=0,name=hostnet0: could not configure /dev/net/tun (tap5): Operation not permitted
qemu-kvm: -net tap,ifname=tap5,script=/etc/KVM/vm-1.sh,vlan=0,name=hostnet0: Device 'tap' could not be initialized

Expected results:

It should be started.

Additional info:

Dump of xml file for guest vm-1 for related network section.

[root@myhost]# virsh dumpxml vm-1
<domain type='kvm'>                         
  <name>vm-1</name>                    
  <uuid>8ff0b8b4-ece3-a127-0863-8a64198bfda8</uuid>
  <memory>262144</memory>                          
  <currentMemory>262144</currentMemory>            
  
  <interface type='ethernet'>
      <mac address='52:54:00:aa:0e:d4'/>
      <script path='/etc/KVM/vm-1.sh'/>
      <target dev='tap5'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
    </interface>
    
  </devices>
</domain>

In the network script, I use the root user to set up the tap interface. I also tried to bypass the line below, but the result is the same.

tunctl -b -u root -t tap5 

Please suggest a solution, as we need/require a network interface (tap) for VMs.
Comment 1 Muzi 2011-05-03 09:31:01 EDT
Any update on this is highly appreciated.

Thanks
Comment 2 Cole Robinson 2011-05-03 10:33:36 EDT
There is a FAQ page here about making type=ethernet work in Fedora:

http://fedoraproject.org/wiki/Tools/Virtualization/BugReporting#Errors_using_.3Cinterface_type.3D.27ethernet.27.2F.3E

Since it sounds like you are running the qemu process as non-root, qemu likely doesn't have permissions to mess with /dev/net/tun, so this is probably NOTABUG.
Comment 3 Muzi 2011-05-04 03:13:01 EDT
Thanks, Cole Robinson, for looking into this. Can you please suggest: if we run the qemu process as the root user, are there any security considerations? With the root user it is working fine for tap/tun. Can we set the root user in qemu.conf? Please suggest.
Comment 4 Cole Robinson 2011-05-05 10:48:32 EDT
Running qemu as root is not as secure as running qemu as the 'qemu' user. If a user in the virtual machine can exploit qemu and escape, they will then have root privileges on the host.

However, that's the only way I know how to make your network configuration work. There might be some other way, but I don't know it, and it's unlikely it will ever be anything that libvirt will automatically do for you, since using qemu network scripts isn't a really supportable configuration from libvirt's POV.
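
Added example, not part of the original thread or of libvirt: a shell audit for the trade-off described in comment 4, reporting when a host runs qemu as root (the `user` setting in qemu.conf) while a guest uses an interface type='ethernet' script. The function names, exit codes and sample files are assumptions of this example; an unset `user` is treated as non-root.

```shell
#!/bin/sh
# Added example (not libvirt code): flag the root-qemu + tap-script combination.

# Print the effective `user` value from a qemu.conf-style file: the last
# uncommented assignment wins; prints nothing when the setting is absent.
qemu_conf_user() {
    sed -n 's/^[[:space:]]*user[[:space:]]*=[[:space:]]*"\{0,1\}\([^"#[:space:]]*\)"\{0,1\}.*$/\1/p' "$1" | tail -n 1
}

# Succeed if that account is root, given by name or as uid 0 ("0" or "+0").
runs_as_root() {
    case "$(qemu_conf_user "$1")" in
        root|0|+0) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the script path of each <interface type='ethernet'> in a domain XML
# dump. Assumes one element per line, as `virsh dumpxml` prints it.
ethernet_scripts() {
    awk -v q="'" '
        /<interface[^>]*type=.ethernet./ { in_eth = 1 }
        in_eth && /<script[^>]*path=/ {
            s = $0
            sub((".*path=[\"" q "]"), "", s)
            sub(("[\"" q "].*"), "", s)
            print s
        }
        /<\/interface>/ { in_eth = 0 }
    ' "$1"
}

# audit QEMU_CONF DOMAIN_XML -> 0 no script interfaces, 1 non-root, 2 root
audit() {
    scripts=$(ethernet_scripts "$2")
    [ -n "$scripts" ] || { echo "ok: no type=ethernet script interfaces"; return 0; }
    if runs_as_root "$1"; then
        echo "risk: qemu runs as root, so a guest escape gets host root ($scripts)"
        return 2
    fi
    echo "note: non-root qemu, expect /dev/net/tun 'Operation not permitted' ($scripts)"
    return 1
}

# Constructed sample input mirroring this report.
tmp=$(mktemp -d)
printf '%s\n' '#user = "qemu"' 'user = "root"' > "$tmp/qemu.conf"
printf '%s\n' "<interface type='ethernet'>" "  <script path='/etc/KVM/vm-1.sh'/>" \
    "</interface>" > "$tmp/vm-1.xml"
audit "$tmp/qemu.conf" "$tmp/vm-1.xml" || true
```
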
Comment 5 Muzi 2011-05-05 14:05:45 EDT
So qemu is only bound to bridge setup (normally for child networking). There must be a professional approach like routed networking, as the only way to use tap/ethernet networking for a routing setup, but after the privileges drop, it's limited to the root user. There must be some way to use routed networking in qemu.
Comment 6 Fedora Admin XMLRPC Client 2011-09-22 13:55:58 EDT
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.
Comment 12 Cole Robinson 2012-01-24 17:40:21 EST
F14 is EOL, please reopen if this is still relevant in a more recent Fedora.