Re: KVM networking.
- From: Arno Schuring <aelschuring@xxxxxxxxxxx>
- Date: Wed, 9 Nov 2011 22:26:14 +0100
Sthu Deus (sthu.deus@xxxxxxxxx on 2011-11-08 14:44 +0700):
[..]
> > > /usr/bin/kvm -localtime -m 256 -no-reboot
> > > -cdrom ./debian-6.0.2.1-amd64-netinst/debian-6.0.2.1-amd64-netinst.iso
> > > -boot d -hda ./da -net nic -net tap,ifname=tap0,script=no
> > > kvm: -net tap,ifname=tap0,script=no: could not
> > > configure /dev/net/tun (tap0): Operation not permitted
> >
> > But if you are like me and you manage multiple virtual machines and
> > you stubbornly insist on using dynamic tap interfaces, you can work
> > around this by setting the CAP_NET_ADMIN capability on kvm:
> > # setcap cap_net_admin+ep /usr/bin/kvm
>
> I want to make it secure and update independent, let's look may some
> on the list will share his/her knowledge w/ us - I do not believe all
> who use the standard VM-ing make such work arounds.

Yes, I agree my solution is suboptimal, but it's the best I could do.
Eagerly awaiting input... :)

> In the KVM manual
> it is clearly written what to do in every case the network one would
> use - just a workstation Internet access, bridges (private/public),
> and tapped w/ latter routing for the interface.
> For me it does not work for the following reasons:
> 1. The bridges take the Internet connections for itself - thus leaving
> the host app.s w/o Internet access, probably routing needed here - but
> they do not make any specifications for that.

That sounds weird. What does brctl show? A default setup with these two
lines should already work fine:
    iface br0 inet dhcp
        bridge_ports eth0
Just remember to leave eth0 unconfigured...

> 2. As a workstation - it does not provide access from host to the
> guest.

You mean networking access? I've never needed it, but it should work
once your host apps have networking access... (just tested: ping
between host and vm works fine for me).

> 3. W/ tap - You have seen already the problem - some unknown to me
> permission problem - do You know why is it so?

I can make a guess:
$ ls -l /dev/net/tun
crw-rw---- 1 root kvm 10, 200 Nov 9 21:36 tun
$ groups
aschuring users kvm [..]
$ /usr/sbin/tunctl -b
TUNSETIFF: Operation not permitted
$ sudo setcap cap_net_admin+ep /usr/sbin/tunctl
$ /usr/sbin/tunctl -b
tap0

> Or may have an idea
> what else command I have to add to sudoers file for the user or some
> other way by root specify the interface parameters that the user has
> to use the interface w/?

Yes. You can just add tunctl to your list of sudo commands, and use the
output of ifname=$(sudo tunctl -b -u $(whoami)) on the kvm command
line. Alternatively, set the cap_net_admin capability on tunctl and you
won't need sudo (but still upgrade-unsafe)...
This way, kvm will not need to create the interface and you won't run
into permission problems.
Regards,
Arno
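
The following is an added example, not part of the original message. It checks which of the two approaches discussed in the thread is in effect: it lists binaries that carry cap_net_admin according to `getcap` output, and it checks whether a tap interface already exists and is owned by the user, in which case kvm can attach to it without extra privilege. The function names, the sysfs-root parameter and the sample data are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the thread. Function names, the sysfs-root
# parameter and the sample data below are assumptions made for illustration.

# Read `getcap` output on stdin and print each path that carries
# cap_net_admin. Handles both output styles of libcap:
#   /usr/bin/kvm = cap_net_admin+ep     (older)
#   /usr/bin/kvm cap_net_admin=ep       (newer)
net_admin_binaries() {
    awk '/cap_net_admin/ { print $1 }'
}

# Succeed if tap interface $1 exists and its owner uid is $2.
# $3 is the sysfs root (default /sys); a parameter only so it can be tested.
tap_owned_by() {
    owner_file="${3:-/sys}/class/net/$1/owner"
    [ -r "$owner_file" ] && [ "$(cat "$owner_file")" = "$2" ]
}

# Print the next step for interface $1 and uid $2: the -net options kvm can
# use unprivileged, or the one-time privileged command that is still missing.
tap_plan() {
    if tap_owned_by "$1" "$2" "$3"; then
        echo "-net nic -net tap,ifname=$1,script=no"
    else
        echo "sudo tunctl -u $2 -t $1"
    fi
}

# Run the checks against constructed data: a fake sysfs tree with tap0 owned
# by uid 1000, and three constructed getcap lines.
demo() {
    root=$(mktemp -d)
    mkdir -p "$root/class/net/tap0"
    echo 1000 > "$root/class/net/tap0/owner"
    printf '%s\n' '/usr/bin/kvm = cap_net_admin+ep' \
        '/usr/sbin/tunctl cap_net_admin=ep' \
        '/bin/ping cap_net_raw=ep' | net_admin_binaries
    tap_plan tap0 1000 "$root"   # tap exists and is ours
    tap_plan tap1 1000 "$root"   # tap missing
    rm -rf "$root"
}
demo
```

On a real host, feed `getcap /usr/bin/kvm /usr/sbin/tunctl` into `net_admin_binaries` and call `tap_plan tap0 "$(id -u)"` with the default sysfs root.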