Running KVM without root privileges

ozonblue

Hi .

I'm trying to run KVM on Feitsy, 64 bit Intel with the "-net nic -net tap" switches so I can use it in bridged network mode.

It refuses and I have to run it sudo which for security concerns I don't want to do.

The error message is : "warning: could not configure /dev/net/tun: no virtual network emulation
Could not initialize device 'tap''

I have googled everywhere on the net todo with debian/ubuntu and thes messages and have tried every trick in the book: I have even changed udev settings so that the permissions on /dev/net/tun are ok for non-root users. Nothing helps.

regards,

Eugene

ozonblue

Ok - I found a solution on Ubuntu Feisty:

Based on
this link

the problem with Linux 2.6.18 and up is the CAP_NET_ADMIN capability associated with persistent tap interfaces.

Using tunctl to bring up a tap interface in a wrapper script for kvm:

1) apt-get install bridge-utils uml-utilities

2) The /etc/network/interfaces file:

Quote:

auto lo eth0 br0

# The loopback network interface

iface lo inet loopback

# The bridge interface

iface br0 inet dhcp
bridge_ports eth0
bridge_maxwait 2
up /sbin/ifconfig eth0 inet 0.0.0.0 promisc

# The primary network interface

iface eth0 inet static
address 192.168.0.129
netmask 255.255.255.0

3) Add to /etc/udev/rules.d/40-permissions.rules file:

Quote:

KERNEL=="tun", MODE="0666"

4) Modify /etc/kvm/kvm-ifup file:

Quote:

#!/bin/sh
switch=$(ip route list | awk '/^default / { print $NF }')
sudo ifconfig $1 0.0.0.0 up
sudo brctl addif ${switch} $1

5) Wrapper script for KVM:

Quote:

#!/usr/bin/env bash
# script to manage tap interface allocation
# for linux kernels >= 2.6.18

# set up a tap interface for qemu
# USERID - uid qemu is being run under.
USERID=`whoami`

# generate a random mac address for the qemu nic
# shell script borrowed from user pheldens @ qemu forum

ranmac=$(echo -n DE:AD:BE:EF ; for i in `seq 1 2` ; \
do echo -n `echo ":$RANDOM$RANDOM" | cut -n -c -3` ;done)

# specify which NIC to use - see qemu.org for others
# model=r8169
iface=`sudo tunctl -b -u $USERID`

# start kvm with our parameters
echo "Bringing up interface $iface with mac address $ranmac"
kvm -no-acpi -m 384 -net nic,vlan=0,macaddr=$ranmac -net tap,vlan=0,ifname=$iface -no-reboot $@ /virtual/kvm/winxp.img

# qemu has stopped - no longer using tap interface
sudo tunctl -d $iface &> /dev/null

regards,

Eugene Coetzee

August 17th, 2007	#1
ozonblue First Cup of Ubuntu Join Date: Oct 2006 Beans: 3	Running KVM without root privileges Hi . I'm trying to run KVM on Feitsy, 64 bit Intel with the "-net nic -net tap" switches so I can use it in bridged network mode. It refuses and I have to run it sudo which for security concerns I don't want to do. The error message is : "warning: could not configure /dev/net/tun: no virtual network emulation Could not initialize device 'tap'' I have googled everywhere on the net todo with debian/ubuntu and thes messages and have tried every trick in the book: I have even changed udev settings so that the permissions on /dev/net/tun are ok for non-root users. Nothing helps. regards, Eugene

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode