Hi Laine I'm able to run the qemu-bridge-helper but with root authority. I need to run it with non-root user.How can i do that? Thanks On Wed, Jun 25, 2014 at 5:43 PM, Laine Stump <laine@laine.org> wrote:> On 06/25/2014 10:22 AM, abhishek jain wrote: > > Hi > > > > I'm able to run the below command using root permission.... > > > > sudo kvm -netdev bridge,br=qbr0ccdca50-fa,id=hostnet -M ppce500 > > Warning: netdev hostnet has no peer > > Could not initialize SDL(No available video device) - exiting > > > > > > However when I'm running the same command without root authority,I'm > > getting following logs... > > > > kvm -netdev bridge,br=qbr0ccdca50-fa,id=hostnet -M ppce500 > > failed to create tun device: Operation not permitted > > failed to launch bridge helper > > kvm: -netdev bridge,br=qbr0ccdca50-fa,id=hostnet: Device 'bridge' > > could not be initialized > > > > > > I need to run the above command without root authority.Please help > > regarding this. > > Search for qemu-bridge-helper and you should find information about the > ACL file that needs to be setup for this to work properly. For example, > this has a short description, but doesn't sound like it's intended to be > the final authority: > > http://wiki.qemu.org/Features/HelperNetworking >
On 06/25/2014 03:28 PM, abhishek jain wrote:> Hi Laine > > I'm able to run the qemu-bridge-helper but with root authority. > I need to run it with non-root user.How can i do that?The entire point of qemu-bridge-helper is that it can be run by non-privileged users, but once run it has root privileges. This is done by the binary having the "suid bit" set. If your distro didn't install it this way, that is a bug (an ls -l of the binary should show "rwsr-xr-x" permissions) . You can fix it with the chmod command (e.g. "chmod 4755 /usr/libexec/qemu-bridge-helper"). If that is what was broken, and you used the distro-built package, you should report it as a bug to the distro's bug tracking system. Beyond that, you need to read about the qemu-bridge-helper ACL file in the link I originally gave (along with other info you can find with a google search).> > Thanks > > > On Wed, Jun 25, 2014 at 5:43 PM, Laine Stump <laine@laine.org > <mailto:laine@laine.org>> wrote: > > On 06/25/2014 10:22 AM, abhishek jain wrote: > > Hi > > > > I'm able to run the below command using root permission.... > > > > sudo kvm -netdev bridge,br=qbr0ccdca50-fa,id=hostnet -M ppce500 > > Warning: netdev hostnet has no peer > > Could not initialize SDL(No available video device) - exiting > > > > > > However when I'm running the same command without root authority,I'm > > getting following logs... > > > > kvm -netdev bridge,br=qbr0ccdca50-fa,id=hostnet -M ppce500 > > failed to create tun device: Operation not permitted > > failed to launch bridge helper > > kvm: -netdev bridge,br=qbr0ccdca50-fa,id=hostnet: Device 'bridge' > > could not be initialized > > > > > > I need to run the above command without root authority.Please help > > regarding this. > > Search for qemu-bridge-helper and you should find information > about the > ACL file that needs to be setup for this to work properly. For > example, > this has a short description, but doesn't sound like it's intended > to be > the final authority: > > http://wiki.qemu.org/Features/HelperNetworking > > > > > _______________________________________________ > libvirt-users mailing list > libvirt-users@redhat.com > https://www.redhat.com/mailman/listinfo/libvirt-users
HI Laine, Looks like we are able to run qemu-bridge-helper and it internally tries to create tap interface. While creating this tap interface we are getting Operation not permitted error: * failed to create tun device: Operation not permitted* How we can create tun interface without root user is the issue. Please let us know how to proceed on this. On Wed, Jun 25, 2014 at 6:21 PM, Laine Stump <laine@laine.org> wrote:> On 06/25/2014 03:28 PM, abhishek jain wrote: > > Hi Laine > > I'm able to run the qemu-bridge-helper but with root authority. > I need to run it with non-root user.How can i do that? > > > The entire point of qemu-bridge-helper is that it can be run by > non-privileged users, but once run it has root privileges. This is done by > the binary having the "suid bit" set. If your distro didn't install it this > way, that is a bug (an ls -l of the binary should show "rwsr-xr-x" > permissions) . You can fix it with the chmod command (e.g. "chmod 4755 > /usr/libexec/qemu-bridge-helper"). If that is what was broken, and you used > the distro-built package, you should report it as a bug to the distro's bug > tracking system. > > Beyond that, you need to read about the qemu-bridge-helper ACL file in the > link I originally gave (along with other info you can find with a google > search). > > > > Thanks > > > On Wed, Jun 25, 2014 at 5:43 PM, Laine Stump <laine@laine.org> wrote: > >> On 06/25/2014 10:22 AM, abhishek jain wrote: >> > Hi >> > >> > I'm able to run the below command using root permission.... >> > >> > sudo kvm -netdev bridge,br=qbr0ccdca50-fa,id=hostnet -M ppce500 >> > Warning: netdev hostnet has no peer >> > Could not initialize SDL(No available video device) - exiting >> > >> > >> > However when I'm running the same command without root authority,I'm >> > getting following logs... >> > >> > kvm -netdev bridge,br=qbr0ccdca50-fa,id=hostnet -M ppce500 >> > failed to create tun device: Operation not permitted >> > failed to launch bridge helper >> > kvm: -netdev bridge,br=qbr0ccdca50-fa,id=hostnet: Device 'bridge' >> > could not be initialized >> > >> > >> > I need to run the above command without root authority.Please help >> > regarding this. >> >> Search for qemu-bridge-helper and you should find information about the >> ACL file that needs to be setup for this to work properly. For example, >> this has a short description, but doesn't sound like it's intended to be >> the final authority: >> >> http://wiki.qemu.org/Features/HelperNetworking >> > > > > _______________________________________________ > libvirt-users mailing listlibvirt-users@redhat.comhttps://www.redhat.com/mailman/listinfo/libvirt-users > > >