Fischer, Anna
2012-Jan-23 09:25 UTC
[libvirt-users] libvirt 0.9.9: could not open /dev/net/tun: Operation not permitted
Hi, I'm running the latest libvirt 0.9.9. I'm trying to start a VIF of type "Ethernet". I know there are problems with that because you need to be root in order to control the tun/tap driver. I changed my qemu.conf file to user = "root" group = "root" clear_emulator_capabilities = 0 However, I still get an error when trying to start my VM: [root]# virsh start vm-0-3 error: Failed to start domain vm-0-3 error: internal error process exited while connecting to monitor: qemu-system-x86_64: -net tap,ifname=vif-0-3,script=/etc/libvirt/qemu/vif-vnet-up,vlan=0,name=hostnet0: could not open /dev/net/tun: Operation not permitted qemu-system-x86_64: -net tap,ifname=vif-0-3,script=/etc/libvirt/qemu/vif-vnet-up,vlan=0,name=hostnet0: Device 'tap' could not be initialized I run the latest qemu-kvm. The permissions on the tun device are set to default settings and my scripts are executable by anyone: [root ~]# ll /dev/net/tun crw-rw---- 1 root root 10, 200 Jan 20 15:39 /dev/net/tun [root ~]# ll /etc/libvirt/qemu/vif-vnet-* -rwxrwxrwx 1 root root 150 Jan 17 15:52 /etc/libvirt/qemu/vif-vnet-down -rwxrwxrwx 1 root root 137 Jan 19 17:51 /etc/libvirt/qemu/vif-vnet-up Any idea what I'm doing wrong here? I have actually also compiled libvirt with --without capng, so it should not drop capabilities anyway. Why does it not run as root? Thanks, Anna
Fischer, Anna
2012-Jan-23 10:03 UTC
[libvirt-users] libvirt 0.9.9: could not open /dev/net/tun: Operation not permitted
> Subject: [libvirt-users] libvirt 0.9.9: could not open /dev/net/tun: > Operation not permitted > > Hi, I'm running the latest libvirt 0.9.9. > > I'm trying to start a VIF of type "Ethernet". I know there are problems > with that because you need to be root in order to control the tun/tap > driver. > > I changed my qemu.conf file to > > user = "root" > group = "root" > clear_emulator_capabilities = 0 > > However, I still get an error when trying to start my VM: > > [root]# virsh start vm-0-3 > error: Failed to start domain vm-0-3 > error: internal error process exited while connecting to monitor: qemu- > system-x86_64: -net tap,ifname=vif-0-3,script=/etc/libvirt/qemu/vif- > vnet-up,vlan=0,name=hostnet0: could not open /dev/net/tun: Operation > not permitted > qemu-system-x86_64: -net tap,ifname=vif-0- > 3,script=/etc/libvirt/qemu/vif-vnet-up,vlan=0,name=hostnet0: Device > 'tap' could not be initialized > > I run the latest qemu-kvm. > > The permissions on the tun device are set to default settings and my > scripts are executable by anyone: > > [root ~]# ll /dev/net/tun > crw-rw---- 1 root root 10, 200 Jan 20 15:39 /dev/net/tun > > [root ~]# ll /etc/libvirt/qemu/vif-vnet-* > -rwxrwxrwx 1 root root 150 Jan 17 15:52 /etc/libvirt/qemu/vif-vnet-down > -rwxrwxrwx 1 root root 137 Jan 19 17:51 /etc/libvirt/qemu/vif-vnet-up > > Any idea what I'm doing wrong here? I have actually also compiled > libvirt with --without capng, so it should not drop capabilities > anyway. Why does it not run as root? > > Thanks, > AnnaThe full error message is actually this: LC_ALL=C PATH=/usr/lib64/qt-3.3/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin HOME=/root USER=root LOGNAME=root QEMU_AUDIO_DRV=none /usr/local/bin/qemu-system-x86_64 -S -M pc-1.0 -enable-kvm -m 1024 -smp 1,sockets=1,cores=1,threads=1 -name vm-0-3 -uuid 284b4d32-ca8a-ee80-8bf3-d58e763f0b47 -nodefconfig -nodefaults -chardev socket,id=charmonitor,path=/var/lib/libvirt/qemu/vm-0-3.monitor,server,nowait -mon chardev=charmonitor,id=monitor,mode=readline -rtc base=utc -drive file=/var/lib/libvirt/images/testdisk.img,if=none,id=drive-ide0-0-0,format=raw -device ide-drive,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=1 -drive file=/home/sup/vmConfigDir/vm-0-3/vm-0-3.iso,if=none,media=cdrom,id=drive-ide0-1-1,readonly=on,format=raw -device ide-drive,bus=ide.1,unit=1,drive=drive-ide0-1-1,id=ide0-1-1 -device e1000,vlan=0,id=net0,mac=52:54:99:ff:15:17,bus=pci.0,addr=0x3 -net tap,ifname=vif-0-3,script=/etc/libvirt/qemu/vif-vnet-up,vlan=0,name=hostnet0 -usb -vnc 127.0.0.1:9 -vga cirrus -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x4 Domain id=1 is tainted: high-privileges Domain id=1 is tainted: shell-scripts qemu-system-x86_64: -net tap,ifname=vif-0-3,script=/etc/libvirt/qemu/vif-vnet-up,vlan=0,name=hostnet0: could not open /dev/net/tun: Operation not permitted qemu-system-x86_64: -net tap,ifname=vif-0-3,script=/etc/libvirt/qemu/vif-vnet-up,vlan=0,name=hostnet0: Device 'tap' could not be initialized I can run the QEMU command manually from the shell, so I'm 100% sure this is a problem related to libvirt. Thanks, Anna