I am proposing adding a new group to the udev rules for the net interfaces. The reason I am requesting this is because when you want to run a program like qemu as a regular user, you are unable to bring up a network interface (tap device on a bridge) without having to change the permissions of /dev/net/tun. Reproducible: Always Steps to Reproduce: 1. Run qemu as a regular user 2. Have qemu attempt to bring up a tap interface on a bridge 3. Access Problem. Actual Results: warning: could not open /dev/net/tun: no virtual network emulation Could not initialize device 'tap' Expected Results: Interface would come up if the user belonged to the new "net" group. Here's an example of a device in /dev/net: crw-rw---- 1 root net 10, 200 May 24 09:48 /dev/net/tun
After some more researching, it looks like this is not an issue. It seems that there are some abilities in libcap (set CAP_NET_ADMIN on the binary) that don't exist yet and is causing problems with qemu and tap/tun interfaces running under regular user.