| View previous topic :: View next topic |
| Author |
Message |
y444wn
n00b
Joined: 09 Aug 2009
Posts: 11
|
 Posted: Sat Jun 03, 2023 6:53 pm Post subject: Trying to run QEMU VM in a bridge: failed to drop privileges |
 |
|
[SOLVED]
Hi,
I have a fresh Gentoo install and I am trying to run QEMU VM in a network bridge.
1) QEMU version 7.2.0 on an amd64 system.
2) I have created the network bridge br0.
3) I have added "allow br0" to /etc/qemu/bridge.conf
When I try to run a VM as such:
| Code: | qemu-system-x86_64 \
-enable-kvm \
-cpu host \
-net nic,model=virtio,macaddr=52:54:00:aa:bb:cc \
-net bridge,br=br0
|
I get the following error:
| Code: | failed to drop privileges
qemu-system-x86_64: -net bridge,br=br0: bridge helper failed |
So far I have stumbled upon these threads/posts:
- https://forums.gentoo.org/viewtopic-t-1093206-start-0.html
- https://spad.uk/really-simple-network-bridging-with-qemu/
- https://forums.gentoo.org/viewtopic-t-1114482-start-0.html
- https://bugs.gentoo.org/677152
Based on those I tried:
1) Setting UID and GID bits on /usr/libexec/qemu-bridge-helper (chmod +s)
2) Creating a group named "qemu", setting group ownership of /etc/qemu/bridge.conf to "qemu", adding the user to the group, relogging back.
3) Adding a second config file /etc/qemu/bridge.conf with "allow all" and including it in /etc/qemu/bridge.conf
Still getting the same error.
Any ideas what I might be missing?
Thanks
Last edited by y444wn on Sun Jun 04, 2023 4:28 pm; edited 1 time in total |
|
| Back to top |
|
 |
y444wn
n00b
Joined: 09 Aug 2009
Posts: 11
|
| Posted: Sun Jun 04, 2023 4:27 pm Post subject: |
|
|
Alright, yet again I feel stupid. After two days of trying everything, I ran an update which bumped the version to 7.2.0.-r3. I rebooted and now everything works as expected.
Looking at the changelog it doesn't seem that the update from 7.2.0 to r3 touched anything network-related, so the plain good restart was probably what was needed.
Oh well... |
|
| Back to top |
|
|
AJM
Apprentice
Joined: 25 Sep 2002
Posts: 195
Location: Aberdeen, Scotland
|
| Posted: Mon Jun 05, 2023 8:50 am Post subject: |
|
|
Sorry, I tried to reply late on Saturday night but for some reason the forum wouldn't let me... I was going to suggest removing the setuid bit on /usr/libexec/qemu-bridge-helper - I'm sure I had exactly the same issue a couple of weeks ago setting up a new machine and that actually stopped the correct solution from working, with the same error message you had.
I think the qemu group stuff was probably the correct solution. |
|
| Back to top |
|
|
Hu
Administrator
Joined: 06 Mar 2007
Posts: 23062
|
| Posted: Mon Jun 05, 2023 2:59 pm Post subject: |
|
|
| AJM wrote: | | Sorry, I tried to reply late on Saturday night but for some reason the forum wouldn't let me... |
The thread title is very long. Adding Re: to it exceeds the allowed length. Manually clearing the Subject field in your reply can avoid this error. |
|
| Back to top |
|
|
AJM
Apprentice
Joined: 25 Sep 2002
Posts: 195
Location: Aberdeen, Scotland
|
| Posted: Tue Jun 06, 2023 3:40 pm Post subject: |
|
|
| Ah, I see - thanks for the explanation, though no doubt I'll have completely forgotten about it next time it happens! It's a pity the error message didn't even vaguely hint at the cause of the problem. |
|
| Back to top |
|
|
|
Networking & Security
