[SOLVED] How to securley run qemu with tap device for networking
Linux - Virtualization and CloudThis forum is for the discussion of all topics relating to Linux Virtualization and Linux Cloud platforms. Xen, KVM, OpenVZ, VirtualBox, VMware, Linux-VServer and all other Linux Virtualization platforms are welcome. OpenStack, CloudStack, ownCloud, Cloud Foundry, Eucalyptus, Nimbus, OpenNebula and all other Linux Cloud platforms are welcome. Note that questions relating solely to non-Linux OS's should be asked in the General forum.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
How to securley run qemu with tap device for networking
I run qemu without libvirt. I want to use a tap device on host for networking. I'm suspect that running qemu as root is insecure, so I would like to run it as an ordinary user (correct me if I'm wrong). It seems like the easiest way to do this is to set up the bridge and tap0 manually, and then just tell qemu to use the tap interface. This is what I got so far:
>>>sudo brctl show
bridge name bridge id STP enabled interfaces
br0 8000.001c257e60fa no eth0
>>>qemu-system-i386 -netdev tap,ifname=tap0,id=mynet0,script=no -device i82559c,netdev=mynet0 -m 1024 slack.qcow2
qemu-system-i386: -netdev tap,ifname=tap0,id=mynet0,script=no: could not configure /dev/net/tun (tap0): Operation not permitted
qemu-system-i386: -netdev tap,ifname=tap0,id=mynet0,script=no: Device 'tap' could not be initialized
However, running the above as superuser works fine. What I'm I doing wrong?
You should never be on as root is a common thought.
Qemu is fine running as a user but you may have to give that user some extra small permission. This is where I think the standard user is failing for you. I don't use qemu on linux enough to tell so others could maybe fix your code or permissions.
I never used qemu by itself, on KVM with libvirt, i specify network details in the individual xml of the virtual machine and then I normally specify br0. It seems to work fine without setting up a tap device. Could it possibly work like that in your case?
Last edited by ericson007; 01-09-2014 at 04:01 PM.
Reason: removed paragraph so solution posted by op is more clear