Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 677152 - app-emulation/qemu-3.1.0 - failed to create tun device: Operation not permitted
Summary: app-emulation/qemu-3.1.0 - failed to create tun device: Operation not permitted
Status: RESOLVED DUPLICATE of bug 681346
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Matthias Maier
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-02-03 08:20 UTC by Pavel Volkov
Modified: 2019-04-08 01:56 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Pavel Volkov 2019-02-03 08:20:34 UTC
When I start a virtual machine and intend to connect it to existing bridge, this is the error I get:
failed to create tun device: Operation not permitted
qemu-system-x86_64: bridge helper failed

qemu-bridge-helper has no SUID:
-rwxr-xr-x 1 root root 17656 фев  1 11:28 /usr/libexec/qemu-bridge-helper*


... and 'getcap /usr/libexec/qemu-bridge-helper' outputs nothing.
Comment 1 Pavel Volkov 2019-02-05 19:32:33 UTC
I looked into my backup and this file had these capabilities before:

# getcap melf_root_18-12-30/usr/libexec/qemu-bridge-helper 
melf_root_18-12-30/usr/libexec/qemu-bridge-helper = cap_net_admin+ep
Comment 2 Paul Maddock 2019-02-10 18:14:12 UTC
I've experienced the same issue. I had to manually run:

    filecap /usr/libexec/qemu-bridge-helper net_admin

The current ebuild (qemu-3.1.0.ebuild) fails to set this as it now wraps it with a conditional statement. qemu-2.12.1.ebuild did not have a conditional statement.

In pkg_postinst() the conditional causes it not to execute

    [[ -f ${D}/usr/libexec/qemu-bridge-helper ]] && \
        fcaps cap_net_admin /usr/libexec/qemu-bridge-helper

I'm suspect ${D} is the problem in the above.
Comment 3 chesguy 2019-03-25 17:26:13 UTC
I've run into the same issue with app-emulation/qemu-3.1.0-r1.  The inital install and today's rebuild cleared the permissions and resulted in VMs not coming up on boot.
Comment 4 ascendant512+gentoo 2019-04-05 00:55:01 UTC
A point of clarification on the above.  If the 
[[ -f ${D}/usr/libexec/qemu-bridge-helper ]]
test passes, the filecaps eclass still requires USE=filecaps to actually set the capabilities, in addition to library, kernel and filesystem support.  I do have all of the above and it still does not set net_admin for me; I have to run filecap after the install anyway.
Comment 5 Matthias Maier gentoo-dev 2019-04-08 01:56:54 UTC

*** This bug has been marked as a duplicate of bug 681346 ***