Greetings,
> Sent: Monday, July 01, 2024 at 10:35 AM
> From: "Michal Prívozník" <[email protected]>
> To: "daggs" <[email protected]>, [email protected]
> Subject: Re: per user vm isolation with shared network
>
> On 6/30/24 01:01, daggs via Users wrote:
> > Greetings,
> >
> > I have two vm which I want to isolate per user, if I'm not mistaken, I can
> > do that with per session uri.
> > but I want to setup a virtual bridge so they will get connected with each
> > other.
> > looks like that if I define the network as system, it isn't visible in the
> > session.
> > is there a way to do that? if I define the same network in both sessions,
> > will it work?
> >
> > Thanks,
> >
> > Dagg
> >
>
> Yeah, this is a known issue:
>
> https://gitlab.com/libvirt/libvirt/-/issues/438
>
> what you can do is create a bridge and then use qemu-bridge-helper to
> plug TAPs from qemu:///session VMs into the bridge. Theoretically, you
> could even misuse virbr0.
>
> Michal

Thanks, I've started looking into it; however, I'm unable to see the network from
the dedicated user, see:

$ id; virsh -c qemu:///session net-list --all; virsh -c qemu:///system net-list --all
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy),20(dialout),26(tape),27(video)
Name State Autostart Persistent
--------------------------------------------
default active yes yes
Name State Autostart Persistent
--------------------------------------------
default active yes yes
$ su -c "id; virsh -c qemu:///session net-list --all; virsh -c qemu:///system net-list --all" foo
uid=1002(foo) gid=1002(foo) groups=1002(foo),34(kvm),36(qemu),102(libvirt)
Name State Autostart Persistent
----------------------------------------
error: failed to connect to the hypervisor
error: internal error: Unable to get system bus connection: Could not connect: No such file or directory
$ cat /etc/qemu/bridge.conf
# This should have the following permissions: root:qemu 0640
# Allow users in the "qemu" group to add devices to "br0".
allow br0
# Uncomment the following line to allow users in the "bob"
# group to have permissions defined in it, iff it has the
# following permissions: root:bob 0640
#include /etc/qemu/bob.conf
$ brctl show virbr0
bridge name bridge id STP enabled interfaces
virbr0 8000.525400892227 yes
utils-server:/home/igor$ ls -l /usr/lib/qemu/qemu-bridge-helper
-rws--x--- 1 root qemu 837704 Jun 18 14:07 /usr/lib/qemu/qemu-bridge-helper
utils-server:/home/igor$ virsh -c qemu:///session net-dumpxml default
<network>
  <name>default</name>
  <uuid>9ec5f56a-1c3d-4650-aac2-45d1352e08fc</uuid>
  <forward mode='nat'>
    <nat>
      <port start='1024' end='65535'/>
    </nat>
  </forward>
  <bridge name='virbr0' stp='on' delay='0'/>
  <mac address='52:54:00:89:22:27'/>
  <ip address='192.168.122.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.122.2' end='192.168.122.254'/>
    </dhcp>
  </ip>
</network>
what am I missing?
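
Added example (not part of the original message and not QEMU's code): the ACL rules of a bridge.conf evaluated for a given bridge name, assuming qemu-bridge-helper's semantics of default deny, a matching deny overriding allow, and `all` as a wildcard. The function names and the temporary sample file are constructed here; the sample reproduces the active lines of the bridge.conf quoted above, which name br0 but not virbr0.

```shell
#!/bin/sh
# Added example: decide whether an ACL file in qemu-bridge-helper format
# permits a bridge. Assumed semantics: default deny, deny beats allow,
# "all" matches every bridge, "include FILE" pulls in another ACL file.

# acl_scan FILE BRIDGE -> prints "allow"/"deny" for each rule matching BRIDGE
acl_scan() {
    [ -r "$1" ] || return 0
    while read -r cmd arg _ || [ -n "$cmd" ]; do
        case "$cmd" in
            ''|'#'*) continue ;;               # blank line or comment
            include) acl_scan "$arg" "$2" ;;   # nested ACL file
            allow|deny)
                if [ "$arg" = all ] || [ "$arg" = "$2" ]; then
                    echo "$cmd"
                fi ;;
        esac
    done < "$1"
}

# bridge_allowed FILE BRIDGE -> exit status 0 if BRIDGE is permitted
bridge_allowed() {
    verdicts=$(acl_scan "$1" "$2")
    case "$verdicts" in
        *deny*)  return 1 ;;   # any matching deny wins
        *allow*) return 0 ;;
        *)       return 1 ;;   # no matching rule: default deny
    esac
}

# Constructed sample: active and commented lines from the bridge.conf above.
sample_conf() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
# Allow users in the "qemu" group to add devices to "br0".
allow br0
#include /etc/qemu/bob.conf
EOF
    echo "$f"
}

conf=$(sample_conf)
for br in br0 virbr0; do
    if bridge_allowed "$conf" "$br"; then echo "$br: allowed"; else echo "$br: denied"; fi
done
rm -f "$conf"
```

On a real host, point `bridge_allowed` at /etc/qemu/bridge.conf and the bridge the session VM is meant to join; keeping the allow list to the specific bridges needed is the least-privilege setting for a setuid helper.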