Re: non-root bridge set-up on Fedora 39 aarch64



On 2/19/24 10:21 AM, Chuck Lever wrote:

> I'm somewhat new to the libvirt world, and I've encountered a problem
> that needs better troubleshooting skills than I have. I've searched
> Google/Ecosia and stackoverflow without finding a solution.
>
> I set up libvirt on an x86_64 system without a problem, but on my
> new aarch64 / Fedora 39 system, virsh doesn't seem to want to start
> virbr0 when run from my own user account:
>
> cel@boudin:~/kdevops$ virsh net-start default
> error: Failed to start network default
> error: error creating bridge interface virbr0: Operation not permitted

If you run virsh as a normal user, it will auto-create an unprivileged ("session mode") libvirt instance, and connect to that rather than the single privileged (i.e. run as root) libvirt instance that is managed by systemd. Because this libvirt is running as a normal user with no elevated privileges, it is unable to create a virtual network.

What you probably wanted to do was to connect to the system-wide privileged libvirt; you can do this by either running virsh as root (or with sudo), or by using

  # virsh -c qemu:///system

rather than straight "virsh". Whichever method you choose, you'll want to do that for all of your virsh commands, both for creating/managing networks and guests.

> cel@boudin:~/kdevops$ cat /etc/qemu/bridge.conf
> allow virbr0

/etc/qemu/bridge.conf is used by the QEMU package's qemu-bridge-helper binary (an SUID root program that creates a tap device attached to an existing bridge, and can be executed by an unprivileged qemu or libvirt that doesn't have permission to create a tap device or attach a tap to a bridge).

The only place where bridge.conf matters is if you are using session mode libvirt for your guest: you can use <interface type='bridge'> ... <source bridge='virbr0'/> to "make an end run" around libvirt's own network management and connect the guest's tap device to (in this example) virbr0 (assuming it already exists, for example if you've started the default virtual network in the system/privileged libvirt).
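
A pre-flight check for the session-mode setup described in the reply above, as an added example that is not part of the original message and is not libvirt or QEMU code. The function names are hypothetical, the helper path /usr/libexec/qemu-bridge-helper is an assumed Fedora default, and the ACL parser models only `allow`/`deny` lines in bridge.conf.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# uri_scope URI: classify a libvirt QEMU URI such as the output of `virsh uri`.
uri_scope() {
    case $1 in
        qemu*://*/system)  echo system ;;
        qemu*://*/session) echo session ;;
        *)                 echo unknown ;;
    esac
}

# bridge_allowed CONF BRIDGE: succeed if the ACL file CONF permits BRIDGE.
# Models only "allow NAME|all" and "deny NAME|all" lines (assumption: no
# "include" lines). Default is deny, and a matching deny overrides any allow.
bridge_allowed() {
    acl_file=$1 want=$2 allowed=no denied=no
    [ -r "$acl_file" ] || return 1
    while read -r verb name _rest || [ -n "$verb" ]; do
        case $verb in ''|'#'*) continue ;; esac
        if [ "$name" = "$want" ] || [ "$name" = all ]; then
            case $verb in
                allow) allowed=yes ;;
                deny)  denied=yes ;;
            esac
        fi
    done < "$acl_file"
    [ "$allowed" = yes ] && [ "$denied" = no ]
}

# preflight BRIDGE [CONF] [HELPER]: report what would stop a session-mode
# guest from attaching to BRIDGE. The helper path is an assumed Fedora default.
preflight() {
    br=$1 conf=${2:-/etc/qemu/bridge.conf}
    helper=${3:-/usr/libexec/qemu-bridge-helper}
    echo "plain virsh connects to: $(uri_scope "$(virsh uri 2>/dev/null)")"
    [ -d "/sys/class/net/$br/bridge" ] || echo "$br: no such bridge device"
    [ -u "$helper" ] || echo "$helper: missing or not setuid"
    bridge_allowed "$conf" "$br" || echo "$conf: does not allow $br"
}

# Run the checks only when asked, e.g.: sh preflight.sh --check virbr0
if [ "${1:-}" = --check ]; then preflight "${2:-virbr0}"; fi
```

Because the helper runs as root on behalf of any local user, every bridge named in an `allow` line is one that unprivileged users can attach guests to, so the ACL is best kept to the specific bridges that need it.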
