On Tue, Jan 05, 2010 at 11:30:46PM +0000, T o n g wrote:
> I want all users in the kvm group can start kvm and have
> network access. Does this require different setting than
> your previous answer?
I believe so, see below.
> If I config my box with static address before, say:
> what should my '/etc/network/interfaces' file be now?
> (please give full file, not just some segments)
iface lo inet loopback
iface eth0 inet manual
iface br0 inet static
pre-up /usr/sbin/tunctl -u jon -t tap0
pre-up ifconfig tap0 up
bridge_ports all tap0
post-down ifconfig tap0 down
post-down tunctl -d tap0
> Having restarted networking, do I now need to use br0
> instead of eth0 for all primary network interface?
> know not to use eth0 as the primary network interface any
> more automatically?
I believe you can continue to refer to eth0 as you wish
(certainly I do in the case of wireshark, for instance)
> In this case, can other people in the kvm group use br0 as
What tunctl does is configure a tap device and give user jon
access to it. The tap device is plumbed into the br0 bridge
(the user jon does not need to manipulate the bridge
directly). This would not give other users access to that
Looking at the source code for tunctl, it seems to support a
'-g' argument to specify a group for the tap device, in a
similar way to the -u argument. This is missing from the man
Having said all that, I don't think you want each VM to
write to the same tap device: you want one per VM. So, to
have a second VM, you would need to:
* add 'tap1' to the end of the 'bridge_ports' line
* copy all other lines with 'tap0', changing to 'tap1'
If you wanted a more flexible, dynamic scheme, I think you
would need to use another approach.