HI Laine, Looks like we are able to run qemu-bridge-helper and it internally tries to create tap interface. While creating this tap interface we are getting Operation not permitted error: * failed to create tun device: Operation not permitted* How we can create tun interface without root user is the issue. Please let us know how to proceed on this. On Wed, Jun 25, 2014 at 6:21 PM, Laine Stump <laine@laine.org> wrote:
On 06/25/2014 03:28 PM, abhishek jain wrote:
Hi Laine
I'm able to run the qemu-bridge-helper but with root authority. I need to run it with non-root user.How can i do that?
The entire point of qemu-bridge-helper is that it can be run by non-privileged users, but once run it has root privileges. This is done by the binary having the "suid bit" set. If your distro didn't install it this way, that is a bug (an ls -l of the binary should show "rwsr-xr-x" permissions) . You can fix it with the chmod command (e.g. "chmod 4755 /usr/libexec/qemu-bridge-helper"). If that is what was broken, and you used the distro-built package, you should report it as a bug to the distro's bug tracking system.
Beyond that, you need to read about the qemu-bridge-helper ACL file in the link I originally gave (along with other info you can find with a google search).
Thanks
On Wed, Jun 25, 2014 at 5:43 PM, Laine Stump <laine@laine.org> wrote:
On 06/25/2014 10:22 AM, abhishek jain wrote:
Hi
I'm able to run the below command using root permission....
sudo kvm -netdev bridge,br=qbr0ccdca50-fa,id=hostnet -M ppce500 Warning: netdev hostnet has no peer Could not initialize SDL(No available video device) - exiting
However when I'm running the same command without root authority,I'm getting following logs...
kvm -netdev bridge,br=qbr0ccdca50-fa,id=hostnet -M ppce500 failed to create tun device: Operation not permitted failed to launch bridge helper kvm: -netdev bridge,br=qbr0ccdca50-fa,id=hostnet: Device 'bridge' could not be initialized
I need to run the above command without root authority.Please help regarding this.
Search for qemu-bridge-helper and you should find information about the ACL file that needs to be setup for this to work properly. For example, this has a short description, but doesn't sound like it's intended to be the final authority:
_______________________________________________ libvirt-users mailing listlibvirt-users@redhat.comhttps://www.redhat.com/mailman/listinfo/libvirt-users