Running KVM without root privileges

Running KVM without root privileges

[Eugene Coetzee]

Hi .

I'm trying to run KVM on Feisty, 64 bit Intel with the "-net nic -net
tap" switches so I can use it in bridged network mode.

It refuses and I have to run it sudo which for security concerns I don't
want to do.

The error message is : "warning: could not configure /dev/net/tun: no
virtual network emulation
Could not initialize device 'tap''

I have googled everywhere on the net todo with debian/ubuntu and these
error messages and have tried every trick in the book: I have even
changed udev settings so that the permissions on /dev/net/tun are ok for
non-root users. Also tried all kind of tricks in sudoers. Nothing helps.

regards,

Eugene


-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/

Re: Running KVM without root privileges

[Luca]

On 8/19/07, Eugene Coetzee <eugene-ms3nWvnsWYxl57MIdRCFDg@public.gmane.org> wrote:
> Hi .
>
> I'm trying to run KVM on Feisty, 64 bit Intel with the "-net nic -net
> tap" switches so I can use it in bridged network mode.
>
> It refuses and I have to run it sudo which for security concerns I don't
> want to do.
>
> The error message is : "warning: could not configure /dev/net/tun: no
> virtual network emulation
> Could not initialize device 'tap''

You need CAP_NET_ADMIN to fiddle with TUN/TAP.

Luca

-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/

Re: Running KVM without root privileges

[Eugene Coetzee]

Luca wrote:

>On 8/19/07, Eugene Coetzee <eugene-ms3nWvnsWYxl57MIdRCFDg@public.gmane.org> wrote:
>  
>
>>Hi .
>>
>>I'm trying to run KVM on Feisty, 64 bit Intel with the "-net nic -net
>>tap" switches so I can use it in bridged network mode.
>>
>>It refuses and I have to run it sudo which for security concerns I don't
>>want to do.
>>    
>>
>You need CAP_NET_ADMIN to fiddle with TUN/TAP.
>  
>
Thanks for the reply. I'm a little confused about the interaction 
between KVM and qemu. Which binary requires CAP_NET_ADMIN capability - 
KVM or qemu ?

(see http://www.friedhoff.org/fscaps.html#Qemu )

regards,





-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/

Re: Running KVM without root privileges

[Luca]

On 8/19/07, Eugene Coetzee <eugene-ms3nWvnsWYxl57MIdRCFDg@public.gmane.org> wrote:
> Luca wrote:
> >On 8/19/07, Eugene Coetzee <eugene-ms3nWvnsWYxl57MIdRCFDg@public.gmane.org> wrote:
> >>Hi .
> >>
> >>I'm trying to run KVM on Feisty, 64 bit Intel with the "-net nic -net
> >>tap" switches so I can use it in bridged network mode.
> >>
> >>It refuses and I have to run it sudo which for security concerns I don't
> >>want to do.
> >>
> >>
> >You need CAP_NET_ADMIN to fiddle with TUN/TAP.
> >
> >
> Thanks for the reply. I'm a little confused about the interaction
> between KVM and qemu. Which binary requires CAP_NET_ADMIN capability -
> KVM or qemu ?

In the upstream package 'kvm' is just a script wrapper that invokes
the right qemu executable (the userspace component of KVM is a
modified QEMU). The exact naming depends on your distro, e.g. Debian
package puts the executable in /usr/bin/kvm.

Luca

-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/

Re: Running KVM without root privileges

[Eugene Coetzee]

Luca wrote:

>>Thanks for the reply. I'm a little confused about the interaction
>>between KVM and qemu. Which binary requires CAP_NET_ADMIN capability -
>>KVM or qemu ?
>>    
>>
>
>In the upstream package 'kvm' is just a script wrapper that invokes
>the right qemu executable (the userspace component of KVM is a
>modified QEMU). The exact naming depends on your distro, e.g. Debian
>package puts the executable in /usr/bin/kvm.
>
>Luca
>
>
>  
>
Thanks for the advice. I have posted the solution to the problem on 
Ubuntu Feisty at:

http://www.linuxforums.org/forum/ubuntu-help/101274-running-kvm-without-root-privileges.html#post499980 


kind regards,

Eugene Coetzee

-- 
--
===============================================
Reedflute Software Solutions

Telephone           -> +27 18 293 3236
General information -> info-ms3nWvnsWYxl57MIdRCFDg@public.gmane.org
Project information -> projects-ms3nWvnsWYxl57MIdRCFDg@public.gmane.org
Web                 -> www.reedflute.com
=============================================== 


-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/