> I'm sorry, this is not something that we can solve in the qemu-kvm package that is in Ubuntu Main.
Why not? The standard Ubuntu kernel supports capabilities (CONFIG_SECURITY_FILE_CAPABILITIES). It is obviously not desirable to have qemu networking broken by default, or to tell users that they must run qemu as root if they want networking to work. I'd imagine that most people installing qemu would prefer that the qemu process be able to create a TUN/TAP device instead of returning some odd error message. > You could, I suppose, submit a patch that adds another binary package under the qemu-kvm source package that we put in Universe. It seems odd to create a new package just to fix networking for non-root users. > I've subscribed the Ubuntu Security Team. I'm curious for their opinion on this. >From a security perspective, it is obviously better to give the qemu process a single relatively harmless capability than to require all users run qemu as root or suid root. -- qemu no tun/tap networking https://bugs.launchpad.net/bugs/103010 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to qemu-kvm in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
