Looking at the code now. src/util/virnetdevtap.c (qemuInterfaceEthernetConnect): if (net->managed_tap == VIR_TRISTATE_BOOL_NO) { ... } else { ... tap_create_flags |= VIR_NETDEV_TAP_CREATE_ALLOW_EXISTING; ... } Shouldn't it be the other way around? I.e. set VIR_NETDEV_TAP_CREATE_ALLOW_EXISTING flag in case managed='no'? That is also mentioned in the commit message: The only exception is <interface type='ethernet'/> with <target managed='no'/> where we specifically want to let users use pre-created TAP device and basically not touch it at all.

On 19/01/2023 11:25, Vasily Ulyanov wrote: > Hi All, > > I am now trying to run our downstream KubeVirt build with a recent libvirt 9.0.0 > and I see a problem that libvirt refuses to start a VM if it is configured to > use a pre-created tap device: > > virError(Code=55, Domain=0, Message='Requested operation is not valid: The > tap0 interface already exists') > > After looking at the git history I found the bellow commit [1] which explicitly > forbids such a usecase. This basically breaks KubeVirt since libvirt there runs > unprivileged and can only use the existing tap's. > > I haven't yet look deeper into the original issue linked to the commit. Just > wanted to raise this here first. Perhaps someone can provide feedback on that. > What about some alternative approach instead? Or maybe it was discussed already... > > BTW, I tested with the reverted commit and it was successful. > > [1] > https://gitlab.com/libvirt/libvirt/-/commit/a2ae3d299cf9c5ada8aa42ec42717... > -- Vasily Ulyanov &lt;vulyanov(a)suse.de&gt; Software Engineer, SUSE Labs Core