Old 01-08-2014, 01:39 PM   #1
insectiod
How to securely run qemu with tap device for networking


I run qemu without libvirt. I want to use a tap device on the host for networking. I suspect that running qemu as root is insecure, so I would like to run it as an ordinary user (correct me if I'm wrong). It seems like the easiest way to do this is to set up the bridge and tap0 manually, and then just tell qemu to use the tap interface. This is what I've got so far:
Code:
>>>ifconfig
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.112  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::21c:25ff:fe7e:60fa  prefixlen 64  scopeid 0x20<link>
        ether 00:1c:25:7e:60:fa  txqueuelen 0  (Ethernet)
        RX packets 10161  bytes 679450 (663.5 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 6437  bytes 1046638 (1022.1 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth0: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1500
        inet6 fe80::21c:25ff:fe7e:60fa  prefixlen 64  scopeid 0x20<link>
        ether 00:1c:25:7e:60:fa  txqueuelen 1000  (Ethernet)
        RX packets 69655  bytes 6728140 (6.4 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 67272  bytes 26923616 (25.6 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 20  memory 0xfe200000-fe220000

tap0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether 1a:59:cd:a4:ea:ae  txqueuelen 500  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
Code:
>>>sudo brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.001c257e60fa       no              eth0
                                                        tap0
Code:
>>>qemu-system-i386 -netdev tap,ifname=tap0,id=mynet0,script=no -device i82559c,netdev=mynet0 -m 1024 slack.qcow2
qemu-system-i386: -netdev tap,ifname=tap0,id=mynet0,script=no: could not configure /dev/net/tun (tap0): Operation not permitted
qemu-system-i386: -netdev tap,ifname=tap0,id=mynet0,script=no: Device 'tap' could not be initialized
However, running the above as superuser works fine. What am I doing wrong?

Versions: qemu 1.7.0 on Slackware 14.1, 32-bit
 
Old 01-08-2014, 02:16 PM   #2
mostlyharmless
Not that it answers your question, but you could use
-runas <username> on your command line.

Or you could chmod /dev/net/tun but I suspect that's not any more secure than running qemu as root.

Last edited by mostlyharmless; 01-08-2014 at 02:18 PM.
 
1 members found this post helpful.
Old 01-08-2014, 07:04 PM   #3
jefro
You should never be on as root is a common thought.

Qemu is fine running as a user, but you may have to give that user some extra small permission. This is where I think the standard user is failing for you. I don't use qemu on Linux enough to tell, so others could maybe fix your code or permissions.
 
1 members found this post helpful.
Old 01-08-2014, 10:05 PM   #4
ericson007
I never used qemu by itself. On KVM with libvirt, I specify network details in the individual XML of the virtual machine and then I normally specify br0. It seems to work fine without setting up a tap device. Could it possibly work like that in your case?

Last edited by ericson007; 01-09-2014 at 04:01 PM. Reason: removed paragraph so solution posted by op is more clear
 
Old 01-09-2014, 10:55 AM   #5
insectiod
I've solved it by using the -u option for user when creating the tap device:
Code:
sudo tunctl -t tap0 -u me
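
Added example, not part of the original post: a pre-flight check that the tap device really is a tap interface, is owned by the unprivileged user's UID, and is attached to the bridge before qemu is started without root. It assumes a Linux host whose tun driver exposes `tun_flags` and `owner` under sysfs; the function name `check_tap` and the `SYSFS` override are hypothetical.

```shell
#!/bin/sh
# Added example: verify a pre-created tap device before running qemu as a
# non-root user. SYSFS can be overridden to test against a constructed tree.
SYSFS="${SYSFS:-/sys}"

# check_tap DEV BRIDGE UID
# Prints one status word; returns 0 only when DEV is a tap device whose
# owner is UID and which is a port of BRIDGE.
# Typical call:  check_tap tap0 br0 "$(id -u me)"
check_tap() {
    dev=$1
    bridge=$2
    want_uid=$3
    node="$SYSFS/class/net/$dev"

    [ -d "$node" ] || { echo "missing"; return 1; }

    # tun_flags exists only for tun/tap interfaces; bit 0x2 is IFF_TAP.
    [ -r "$node/tun_flags" ] || { echo "not-tuntap"; return 1; }
    flags=$(cat "$node/tun_flags")
    [ $(( $flags & 2 )) -ne 0 ] || { echo "not-tap"; return 1; }

    # owner holds the UID set at creation (tunctl -u); -1 means no owner,
    # in which case attaching to the device needs CAP_NET_ADMIN.
    have_uid=$(cat "$node/owner")
    [ "$have_uid" = "$want_uid" ] || { echo "wrong-owner:$have_uid"; return 1; }

    # A bridge port has brport/bridge pointing at its bridge device.
    actual=$(basename "$(readlink "$node/brport/bridge" 2>/dev/null)")
    [ "$actual" = "$bridge" ] || { echo "not-in-bridge"; return 1; }

    echo "ok"
}
```

A result of `wrong-owner:-1` matches the situation in the first post, where the tap existed but only root could attach to it.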
 
Old 01-11-2014, 02:22 PM   #6
jefro
Thanks for the update and solution. Good job.
 
  

