Greetings,

> Sent: Monday, July 01, 2024 at 10:35 AM
> From: "Michal Prívozník" <mprivozn@xxxxxxxxxx>
> To: "daggs" <daggs@xxxxxxx>, users@xxxxxxxxxxxxxxxxx
> Subject: Re: per user vm isolation with shared network
>
> On 6/30/24 01:01, daggs via Users wrote:
> > Greetings,
> >
> > I have two vm which I want to isolate per user, if I'm not mistaken, I can do that with per session uri.
> > but I want to setup a virtual bridge so they will get connected with each other.
> > looks like that if I define the network as system, it isn't visible in the session.
> > is there a way to do that? if I define the same network in both sessions, will it work?
> >
> > Thanks,
> >
> > Dagg
> >
>
> Yeah, this is known issue:
>
> https://gitlab.com/libvirt/libvirt/-/issues/438
>
> what you can do is create a bridge and then use qemu-bridge-helper to
> plug TAPs from qemu:///session VMs into the bridge. Theoretically, you
> could even misuse virbr0.
>
> Michal

thanks, I've started looking into it however I'm unable to see the network from the dedicated user, see:

$ id; virsh -c qemu:///session net-list --all; virsh -c qemu:///system net-list --all
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy),20(dialout),26(tape),27(video)
 Name      State    Autostart   Persistent
--------------------------------------------
 default   active   yes         yes

 Name      State    Autostart   Persistent
--------------------------------------------
 default   active   yes         yes

$ su -c "id; virsh -c qemu:///session net-list --all; virsh -c qemu:///system net-list --all" foo
uid=1002(foo) gid=1002(foo) groups=1002(foo),34(kvm),36(qemu),102(libvirt)
 Name   State   Autostart   Persistent
----------------------------------------

error: failed to connect to the hypervisor
error: internal error: Unable to get system bus connection: Could not connect: No such file or directory

$ cat /etc/qemu/bridge.conf
# This should have the following permissions: root:qemu 0640

# Allow users in the "qemu" group to add devices to "br0".
allow br0

# Uncomment the following line to allow users in the "bob"
# group to have permissions defined in it, iff it has the
# following permissions: root:bob 0640
#include /etc/qemu/bob.conf

$ brctl show virbr0
bridge name     bridge id               STP enabled     interfaces
virbr0          8000.525400892227       yes

utils-server:/home/igor$ ls -l /usr/lib/qemu/qemu-bridge-helper
-rws--x--- 1 root qemu 837704 Jun 18 14:07 /usr/lib/qemu/qemu-bridge-helper

utils-server:/home/igor$ virsh -c qemu:///session net-dumpxml default
<network>
  <name>default</name>
  <uuid>9ec5f56a-1c3d-4650-aac2-45d1352e08fc</uuid>
  <forward mode='nat'>
    <nat>
      <port start='1024' end='65535'/>
    </nat>
  </forward>
  <bridge name='virbr0' stp='on' delay='0'/>
  <mac address='52:54:00:89:22:27'/>
  <ip address='192.168.122.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.122.2' end='192.168.122.254'/>
    </dhcp>
  </ip>
</network>

what am I missing?
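
Added example, not part of the original message and not libvirt or QEMU code: a shell check of whether a bridge name passes an ACL file written in the format of the /etc/qemu/bridge.conf shown above. Assumptions: the "deny" directive, the "all" keyword and the evaluation rule (some allow must match, no deny may match) reflect my understanding of qemu-bridge-helper; the sample files and the names testbr0 and testbr1 are constructed.

```shell
#!/bin/sh
# Added example: evaluate a qemu-bridge-helper style ACL for one bridge name.
# Assumed semantics: a bridge is usable only if an "allow" rule matches it
# (by name or "all") and no "deny" rule matches it; no match means denied.

# Print the allow/deny rules of file $1, following "include" lines.
# $2 is the include depth (guards against a file that includes itself).
acl_rules() {
    [ -r "$1" ] || return 0              # unreadable file: contributes no rules
    [ "${2:-0}" -lt 8 ] || return 0
    while read -r cmd arg rest || [ -n "$cmd" ]; do
        case $cmd in
            ''|'#'*)    ;;               # blank line or comment
            include)    acl_rules "$arg" $(( ${2:-0} + 1 )) ;;
            allow|deny) printf '%s %s\n' "$cmd" "$arg" ;;
        esac
    done < "$1"
    return 0
}

# Exit status 0 if bridge $2 is permitted by ACL file $1, 1 otherwise.
bridge_allowed() {
    acl_rules "$1" | awk -v br="$2" '
        $1 == "allow" && ($2 == br || $2 == "all") { allowed = 1 }
        $1 == "deny"  && ($2 == br || $2 == "all") { denied = 1 }
        END { exit !(allowed && !denied) }'
}

# Constructed sample: the bridge.conf from the message plus one included file.
make_sample_conf() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '# constructed sample' 'allow br0' \
        '#include /etc/qemu/bob.conf' "include $dir/group.conf" > "$dir/bridge.conf"
    printf '%s\n' 'allow testbr0' 'allow testbr1' 'deny testbr1' > "$dir/group.conf"
    printf '%s\n' "$dir/bridge.conf"
}

conf=$(make_sample_conf)
for br in br0 virbr0 testbr0 testbr1; do
    if bridge_allowed "$conf" "$br"; then
        echo "$br: allowed"
    else
        echo "$br: denied"
    fi
done
```

Pointing bridge_allowed at the real /etc/qemu/bridge.conf while running as the unprivileged session user also shows whether that user can read the file at all, since an unreadable file yields no rules and therefore a denial.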