Thanks, apparmour was the issue.
On Mon, Aug 12, 2013 at 3:18 AM, Daniel P. Berrange <berrange(a)redhat.com>wrote:
On Sat, Aug 10, 2013 at 08:33:17PM -0600, Joshua McKee wrote:
> Sorry, I accidentally hit send before I was done. Here's the finished
> message:
>
> Thanks! Unfortunately, I am running into the following issue when
> attempting to use the generic ethernet configuration:
>
> $ virsh -c qemu:///system create /tmp/generic.xml
> error: Failed to create domain from /tmp/generic.xml
> error: internal error process exited while connecting to monitor: kvm:
> -netdev tap,id=hostnet0: could not configure /dev/net/tun: Operation not
> permitted
> kvm: -netdev tap,id=hostnet0: Device 'tap' could not be initialized
>
> This is the network part of my xml file:
>
> ...
> <devices>
> <interface type="ethernet"/>
> ...
> <interface type="ethernet'>
> <target dev="tap0"/>
> <script path='/etc/qemu-ifup'/>
> </interface>
> ...
> </devices>
> ...
>
> In my /etc/libvirt/qemu.conf file I have the following set:
>
> user = "root"
> group ="root"
> dynamic ownership = 0
> clear_emulator_capabilities = 0
> cgroup_device_acl = [
> "/dev/null", "/dev/full", "/dev/zero",
> "/dev/random", "/dev/urandom",
> "/dev/ptmx", "/dev/kvm", "/dev/kqemu",
> "/dev/rtc", "/dev/hpet",
> "/dev/net/tun",
> ]
You did restart libvirtd after making those setting changes, right ?
The user, group & clear_emulator_capabilities settings are the 3 that
matter here & you have them correctly set.
> I am running Ubuntu 12, which does not use SELinux.
It has apparmour though, which possibly denies access to /dev/net/tun
Daniel
--
|:
http://berrange.com -o-
http://www.flickr.com/photos/dberrange/:|
|:
http://libvirt.org -o-
http://virt-manager.org:|
|:
http://autobuild.org -o-
http://search.cpan.org/~danberr/:|
|:
http://entangle-photo.org -o-
http://live.gnome.org/gtk-vnc:|