Debian Bug report logs - #412941
kvm: tun/tap network broken for non-root on 2.6.18+ kernels


Package: qemu-kvm; Maintainer for qemu-kvm is Michael Tokarev <mjt@tls.msk.ru>; Source for qemu-kvm is src:qemu.

Reported by: Kevin Locke <kwl7@cornell.edu>

Date: Thu, 1 Mar 2007 02:57:01 UTC

Severity: normal

Found in version qemu-kvm/0.11.1+dfsg-1

Done: Marco Rodrigues <gothicx@sapo.pt>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Baruch Even <baruch@debian.org>:
Bug#412941; Package kvm.

Acknowledgement sent to Kevin Locke <kwl7@cornell.edu>:
New Bug report received and forwarded. Copy sent to Baruch Even <baruch@debian.org>.

Message #5 received at submit@bugs.debian.org:

From: Kevin Locke <kwl7@cornell.edu>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: kvm: tun/tap network broken for non-root on 2.6.18+ kernels
Date: Wed, 28 Feb 2007 21:55:30 -0500
Package: kvm
Version: 14-1
Severity: normal

A recent patch[1] to the kernel that was included in 2.6.18 and more
recent kernels changes the necessary privileges for creating a tun
device from having write access to the device to having the
CAP_NET_ADMIN capability.  This causes the ioctl() at qemu/vl.c:3270
to fail due to insufficient privileges (any chance there could be a
perror() here so users know why it failed?) when run as non-root
users.

There have been suggestions[2] to use tunctl (in the uml-utilities
package) to create the interface before running qemu/kvm, and other
suggestions[3] to use setfcaps to set the capabilities on the qemu/kvm
binary to include CAP_NET_ADMIN (not sure what the Debian plans are on
that front).  Of course, there is also always the solution of just
biting the bullet and running kvm/qemu as root...

Anyway, this bug is really just to suggest that this failure be
documented somewhere (man page or README.Debian preferably) to save
users some debugging to find out all of this information.  But, if you
find a fix, that would be even better.  ;)

Cheers,
Kevin

1.  http://www.mail-archive.com/netdev@vger.kernel.org/msg14319.html
2.  http://www.mail-archive.com/arch@archlinux.org/msg08382.html
3.  http://www.friedhoff.org/fscaps.html#Qemu
-- Package-specific info:


-- System Information:
Debian Release: 4.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/dash
Kernel: Linux 2.6.18.20070225a
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages kvm depends on:
ii  adduser  3.102                           Add and remove users and groups
ii  bridge-u 1.2-1                           Utilities for configuring the Linu
ii  iproute  20061002-3                      Professional tools to control the 
ii  libasoun 1.0.13-1                        ALSA library
ii  libc6    2.3.6.ds1-11                    GNU C Library: Shared libraries
ii  libsdl1. 1.2.11-7                        Simple DirectMedia Layer
ii  libuuid1 1.39+1.40-WIP-2006.11.14+dfsg-1 universally unique id library
ii  zlib1g   1:1.2.3-13                      compression library - runtime

Versions of packages kvm recommends:
ii  kvm-source 14-1                          Source for the KVM driver
ii  linux-imag 2.6.18.20070225a-10.00.Custom Linux kernel binary image for vers
ii  qemu       0.8.2-4                       fast processor emulator
pn  vde2       <none>                        (no description available)

-- no debconf information



Information forwarded to debian-bugs-dist@lists.debian.org, Baruch Even <baruch@debian.org>:
Bug#412941; Package kvm.

Acknowledgement sent to vinsci@refactor.fi (Leonard Norrgard):
Extra info received and forwarded to list. Copy sent to Baruch Even <baruch@debian.org>.

Message #10 received at 412941@bugs.debian.org:

From: vinsci@refactor.fi (Leonard Norrgard)
To: kwl7@cornell.edu, 412941@bugs.debian.org
Subject: Re: Bug#412941: kvm: tun/tap network broken for non-root on 2.6.18+ kernels
Date: Thu, 1 Mar 2007 08:25:49 +0200 (EET)
Thanks for the detailed bug report, although I don't think this really
qualifies as a bug.

This is a QEMU FAQ:

| I'm using a kernel >=2.6.18 and am having problems with tun/tap and QEMU
| http://www.kidsquid.com/cgi-bin/moin.cgi/FrequentlyAskedQuestions#head-2511814cb92c14dbe1480089c04f83c281117a86

(Btw, I'm using a slightly adapted version of that script myself --
obviously you want to change it to run kvm and not qemu).

I haven't got a plan for what to do about this yet. It seems that
giving the qemu/kvm binary cap_net_admin re-opens the hole that the
kernel patch fixed to begin with. On the other hand, requiring kvm
users to have sudo access is just as bad.

Perhaps on '/etc/init.d/kvm start', automatically create one or more
interfaces for each user in the kvm group?

#!/bin/sh
# Create one persistent tap device per member of the kvm group, owned by
# that user, so kvm can attach to it later without CAP_NET_ADMIN.
for user in $(grep '^kvm:' /etc/group | cut -d : -f 4 | tr , ' '); do
	tunctl -u "$user" -t "tap-${user}0"
	#tunctl -u "$user" -t "tap-${user}1"
	#tunctl -u "$user" -t "tap-${user}2"
done

This is the kind of task that virt-manager [1] may be more suited to
handle at some level.

[1] http://virt-manager.et.redhat.com/index.html

Thanks for the perror() suggestion.



Information forwarded to debian-bugs-dist@lists.debian.org, Baruch Even <baruch@debian.org>:
Bug#412941; Package kvm.

Acknowledgement sent to Kevin Locke <kwl7@cornell.edu>:
Extra info received and forwarded to list. Copy sent to Baruch Even <baruch@debian.org>.

Message #15 received at 412941@bugs.debian.org:

From: Kevin Locke <kwl7@cornell.edu>
To: Leonard Norrgard <vinsci@refactor.fi>, 412941@bugs.debian.org
Subject: Re: Bug#412941: kvm: tun/tap network broken for non-root on 2.6.18+ kernels
Date: Thu, 1 Mar 2007 07:18:32 -0500
On Thu, 2007-03-01 at 08:25 +0200, Leonard Norrgard wrote:
> Thanks for the detailed bug report, although I don't think this really
> qualifies as a bug.

Only to the extent that users trying to run kvm as non-root will be
in for some fun web searching to figure this out.  (It could be argued
that all programs require this to some extent, I was just hoping to
make the process easier)

> | I'm using a kernel >=2.6.18 and am having problems with tun/tap and QEMU
> | http://www.kidsquid.com/cgi-bin/moin.cgi/FrequentlyAskedQuestions#head-2511814cb92c14dbe1480089c04f83c281117a86

Thanks for pointing that out, I completely overlooked it.  Guess I was
a bit too quick to jump to search...

> I haven't got a plan for what to do about this yet. It seems that
> giving the qemu/kvm binary cap_net_admin re-opens the hole that the
> kernel patch fixed to begin with. On the other hand, requiring kvm
> users to have sudo access is just as bad.

Is there any way to give users in the kvm group cap_net_admin
capability (when running kvm)?  I suppose making the binary only group
and user executable and setting cap_net_admin would do it.  Are there
any typical use cases where people using the binary are not in the kvm
group (which would require changing permissions on /dev/kvm AFAIK).

> Perhaps on '/etc/init.d/kvm start', automatically create one or more
> interfaces for each user in the kvm group?
> 
> #!/bin/sh
> for user in `grep ^kvm: /etc/group | cut -d : -f 4 | tr , ' '`; do
> 	tunctl -u ${user} -t tap-${user}0
> 	#tunctl -u ${user} -t tap-${user}1
> 	#tunctl -u ${user} -t tap-${user}2
> done

Sure.  Would kvm then attempt to use these interfaces automatically or
would the user be encouraged to pass them as iface= arguments?  Seems
like it might be a little bit excessive on systems with many users in
the kvm group, but it would probably get the job done.

> This is the kind of task that virt-manager [1] may be more suited to
> handle at some level.

Yeah, probably true.

> Thanks for the perror() suggestion.

Sure.  While you are at it, you might want to add one to the ioctl()
at qemu/vl.c:1001 on /dev/rtc (or even check for an inappropriate
ioctl errno) since HPET systems do not support the RTC_IRQP_SET
ioctl[1].

1.  https://www.x86-64.org/pipermail/bugs/2003-December/000828.html

-- 
Cheers,      |      kwl7@cornell.edu     |    kevinoid@jabber.org
Kevin        |   http://kevinlocke.name  |   kevinoid on freenode



Information forwarded to debian-bugs-dist@lists.debian.org, Jan Lübbe <jluebbe@debian.org>:
Bug#412941; Package kvm.

Acknowledgement sent to Tim Small <tim@buttersideup.com>:
Extra info received and forwarded to list. Copy sent to Jan Lübbe <jluebbe@debian.org>.

Message #20 received at 412941@bugs.debian.org:

From: Tim Small <tim@buttersideup.com>
To: 412941@bugs.debian.org
Subject: Further bug info
Date: Mon, 31 Mar 2008 15:45:00 +0100
Just to provide some more info (as much to make this bug easier to find 
as anything else).  Bug #404794 is relevant to this - strace output when 
this fails is:

ioctl(4, TUNSETIFF, 0x7fffb5173c60) = -1 EPERM (Operation not permitted)

One suggested fix would be to ship this part of the network 
functionality into /etc/kvm/kvm-ifup or similar - as privileges are 
needed for some of this functionality already.  Ideally there could be 
an option to get both features run from an SUID binary (or otherwise 
gain the necessary privileges).

Thanks,

Tim.




Information forwarded to debian-bugs-dist@lists.debian.org, hramrach@centrum.cz, Jan Lübbe <jluebbe@debian.org>:
Bug#412941; Package kvm. (Wed, 03 Dec 2008 12:51:03 GMT)

Acknowledgement sent to michal.suchanek@ruk.cuni.cz:
Extra info received and forwarded to list. Copy sent to hramrach@centrum.cz, Jan Lübbe <jluebbe@debian.org>. (Wed, 03 Dec 2008 12:51:03 GMT)

Message #25 received at 412941@bugs.debian.org:

From: michal.suchanek@ruk.cuni.cz
To: Debian Bug Tracking System <412941@bugs.debian.org>
Subject: kvm: This is problem with the kernel security implemented on the interface
Date: Wed, 03 Dec 2008 13:49:43 +0100
Package: kvm
Version: 72+dfsg-2
Followup-For: Bug #412941


Hello

I think we should blame this on the kernel people ;-)

tunctl allows setting a group permission on the interface, but ..

 - the group permission only works for users that have this group as
   their primary group
 - if both user and group permissions are set, then only a user with both
   that UID and primary GID is allowed to open the interface

If this were fixed to behave in some sane way you could make the device
accessible to some group (kvm or tapnet or whatever) and have users
added to that group.

Thanks

Michal


-- Package-specific info:

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.28-rc7-macmini (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages kvm depends on:
ii  adduser                3.110             add and remove users and groups
ii  bridge-utils           1.4-5             Utilities for configuring the Linu
ii  iproute                20080725-2        networking and traffic control too
ii  libasound2             1.0.16-2          ALSA library
ii  libc6                  2.7-16            GNU C Library: Shared libraries
ii  libgnutls26            2.4.2-3           the GNU TLS library - runtime libr
ii  libncurses5            5.6+20080830-1    shared libraries for terminal hand
ii  libsdl1.2debian        1.2.13-2          Simple DirectMedia Layer
ii  python                 2.5.2-3           An interactive high-level object-o
ii  zlib1g                 1:1.2.3.3.dfsg-12 compression library - runtime

Versions of packages kvm recommends:
ii  l 2.6.26-10                              Linux 2.6.26 image on PPro/Celeron
ii  l 1                                      Linux kernel binary image for vers
ii  l 2.6.27-1~experimental.1~snapshot.12406 Linux 2.6.27 image on PPro/Celeron
ii  l 2.6.28-rc6-minimacmacmini-10.00.Custom Linux kernel binary image for vers
ii  l 2.6.28-rc7-macmini-10.00.Custom        Linux kernel binary image for vers

Versions of packages kvm suggests:
ii  debootstrap                   1.0.10     Bootstrap a basic Debian system
ii  hal                           0.5.11-6   Hardware Abstraction Layer
pn  kvm-source                    <none>     (no description available)
pn  samba                         <none>     (no description available)
pn  vde2                          <none>     (no description available)

-- no debconf information




Information forwarded to debian-bugs-dist@lists.debian.org, Jan Lübbe <jluebbe@debian.org>:
Bug#412941; Package kvm. (Thu, 04 Dec 2008 08:09:02 GMT)

Acknowledgement sent to Guido Günther <agx@sigxcpu.org>:
Extra info received and forwarded to list. Copy sent to Jan Lübbe <jluebbe@debian.org>. (Thu, 04 Dec 2008 08:09:03 GMT)

Message #30 received at 412941@bugs.debian.org:

From: Guido Günther <agx@sigxcpu.org>
To: michal.suchanek@ruk.cuni.cz, 412941@bugs.debian.org
Subject: Re: Bug#412941: kvm: This is problem with the kernel security implemented on the interface
Date: Thu, 4 Dec 2008 09:06:25 +0100
On Wed, Dec 03, 2008 at 01:49:43PM +0100, michal.suchanek@ruk.cuni.cz wrote:
> If this were fixed to behave in some sane way you could make the device
> accessible to some group (kvm or tapnet or whatever) and have users
> added to that group.
You only have to make the kvm binary setgid to the group you refer to in
order to achieve that. However, that isn't a nice solution for a distribution.
 -- Guido




Reply sent to Marco Rodrigues <gothicx@sapo.pt>:
You have taken responsibility. (Mon, 28 Dec 2009 20:57:07 GMT)

Notification sent to Kevin Locke <kwl7@cornell.edu>:
Bug acknowledged by developer. (Mon, 28 Dec 2009 20:57:07 GMT)

Message #35 received at 412941-done@bugs.debian.org:

From: Marco Rodrigues <gothicx@sapo.pt>
To: 412941-done@bugs.debian.org
Subject: Package kvm has been removed from Debian
Date: Mon, 28 Dec 2009 20:47:07 +0000
Version: 85+dfsg-4.1+rm

You filed the bug http://bugs.debian.org/412941 in the Debian BTS
against the package kvm. I'm closing it at *unstable*, but it will
remain open for older distributions.

For more information about this package's removal, read
http://bugs.debian.org/562620. That bug might give the reasons why
this package was removed and suggestions of possible replacements.

Don't hesitate to reply to this mail if you have any question.

Thank you for your contribution to Debian.

--
Marco Rodrigues




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 26 Jan 2010 07:31:16 GMT)

Bug unarchived. Request was from Laurent Bigonville <bigon@debian.org> to control@bugs.debian.org. (Thu, 04 Mar 2010 19:45:03 GMT)

Bug reassigned from package 'kvm' to 'qemu-kvm'. Request was from Laurent Bigonville <bigon@debian.org> to control@bugs.debian.org. (Thu, 04 Mar 2010 19:45:03 GMT)

Bug no longer marked as found in versions kvm/72+dfsg-2 and kvm/14-1. Request was from Laurent Bigonville <bigon@debian.org> to control@bugs.debian.org. (Thu, 04 Mar 2010 19:45:04 GMT)

Bug no longer marked as fixed in versions 85+dfsg-4.1+rm. Request was from Laurent Bigonville <bigon@debian.org> to control@bugs.debian.org. (Thu, 04 Mar 2010 19:45:04 GMT)

Bug marked as found in versions qemu-kvm/0.11.1+dfsg-1. Request was from Laurent Bigonville <bigon@debian.org> to control@bugs.debian.org. (Thu, 04 Mar 2010 19:45:04 GMT)

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 02 Apr 2010 07:32:15 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 18 17:12:07 2014; Machine Name: buxtehude.debian.org
