Installation guide

ManualsBrandsRed Hat ManualsComputer equipmentLINUX VIRTUAL SERVER 5.1 - ADMINISTRATION

141

142

143

144

145

146

147

148

149

150

warning: could not open /dev/net/tun: no virtual network

emulation qemu-kvm: -netdev tap,script=/etc/my-qemu-

ifup,id=hostnet0: Device 'tap' could not be initialized

In vest ig at io n

Use of the generic ethernet interface type (<i nterface type= ' ethernet' >) is

discouraged, because using it requires lowering the level of host protection against

potential security flaws in Q EMU and its guests. However, it is sometimes necessary to use

this type of interface to take advantage of some other facility that is not yet supported

directly in lib virt . For example, openvswit ch was not supported in lib virt until libvirt-

0.9.11, so in older versions of lib virt , <i nterface type= ' ethernet' > was the only way

to connect a guest to an o p en vswit ch bridge.

However, if you configure a <i nterface type= ' ethernet' > interface without making

any other changes to the host system, the guest virtual machine will not start successfully.

The reason for this failure is that for this type of interface, a script called by Q EMU needs to

manipulate the tap device. However, with type= ' ethernet' configured, in an attempt to

lock down Q EMU , lib virt and SELinux have put in place several checks to prevent this.

(Normally, lib virt performs all of the tap device creation and manipulation, and passes an

open file descriptor for the tap device to Q EMU.)

So lu t io n

Reconfigure the host system to be compatible with the generic ethernet interface.

Pro ced u re B.4 . R econ f ig u rin g t he h o st syst em t o u se t h e g en eric et h ern et

in t erf ace

1. Set SELinux to permissive by configuring SELINUX= permi ssi ve in

/etc/sel inux/co nfi g:

# This file controls the state of SELinux on the system.

# SELINUX= can take one of these three values:

# enforcing - SELinux security policy is enforced.

# permissive - SELinux prints warnings instead of

enforcing.

# disabled - No SELinux policy is loaded.

SELINUX=permissive

# SELINUXTYPE= can take one of these two values:

# targeted - Targeted processes are protected,

# mls - Multi Level Security protection.

SELINUXTYPE=targeted

2. From a root shell, run the command setenfo rce permi ssi ve.

3. In /etc/l i bvi rt/q emu. co nf add or edit the following lines:

clear_emulator_capabilities = 0

user = "root"

group = "root"

Red Hat Ent erp rise Linux 6 Virt ualiz at ion Host Configurat ion and G uest Inst allat ion G uide

14 4