1

My end goal is to be able to use libvirt.uri = 'qemu:///session' with Vagrant, which means creating machines as non-root, but in order to do that I need to have a default libvirt network as non-root, where virsh net-list as non-root is empty. As root I get the below output.

Question

How can I create a default libvirt network for non-root users?

# virsh net-list
 Name      State    Autostart   Persistent
--------------------------------------------
 default   active   yes         yes

# virsh net-dumpxml default
<network>
  <name>default</name>
  <uuid>d2421e8d-e34f-4f28-9b11-db6e6f7c4aae</uuid>
  <forward mode='nat'>
    <nat>
      <port start='1024' end='65535'/>
    </nat>
  </forward>
  <bridge name='virbr0' stp='on' delay='0'/>
  <mac address='52:54:00:13:3e:0a'/>
  <ip address='192.168.122.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.122.2' end='192.168.122.254'/>
    </dhcp>
  </ip>
</network>
Sandra
  • 9,973
  • 37
  • 104
  • 160

1 Answers1

2

No, the libvirt virtual network feature doesn't work for non-root at this time. It requires ability to run various operations that need root level privileges.

In the future, we hope to allow the non-privileged libvirtd to talk to the privileged libvirtd in order to connect guests to the network, but there's no ETA on that feature.

DanielB
  • 1,510
  • 6
  • 7
  • Ok, thanks. This bug https://github.com/vagrant-libvirt/vagrant-libvirt/issues/626 prevents non-root from making private networks. Are you involved in vagrant-libvirt? – Sandra Oct 22 '19 at 12:58
  • 1
    No, I'm involved in libvirt itself. FWIW, if /usr/libexec/qemu-bridge-helper has been installed setuid by your OS distro, and privileged libvirtd has created a network (eg the default virbr0 network) then it is possible for unprivileged libvirtd to use this setuid helper to connect to this network. This requires different XML in the guest interface, requesting an explicit bridge device. Not sure if this is useful for vagrant or not. – DanielB Oct 22 '19 at 14:42