On Tue, Jan 05, 2010 at 11:30:46PM +0000, T o n g wrote: > I want all users in the kvm group can start kvm and have > network access. Does this require different setting than > your previous answer? I believe so, see below. > If I config my box with static address before, say: snip > what should my '/etc/network/interfaces' file be now? > (please give full file, not just some segments) auto lo iface lo inet loopback iface eth0 inet manual auto br0 iface br0 inet static address 192.168.0.100 netmask 255.255.255.0 network 192.168.0.0 broadcast 192.168.0.255 gateway 192.168.0.1 pre-up /usr/sbin/tunctl -u jon -t tap0 pre-up ifconfig tap0 up bridge_ports all tap0 post-down ifconfig tap0 down post-down tunctl -d tap0 > Having restarted networking, do I now need to use br0 > instead of eth0 for all primary network interface? (snip example) > know not to use eth0 as the primary network interface any > more automatically? I believe you can continue to refer to eth0 as you wish (certainly I do in the case of wireshark, for instance) > In this case, can other people in the kvm group use br0 as > well? What tunctl does is configure a tap device and give user jon access to it. The tap device is plumbed into the br0 bridge (the user jon does not need to manipulate the bridge directly). This would not give other users access to that tap device. Looking at the source code for tunctl, it seems to support a '-g' argument to specify a group for the tap device, in a similar way to the -u argument. This is missing from the man page, however. Having said all that, I don't think you want each VM to write to the same tap device: you want one per VM. So, to have a second VM, you would need to: * add 'tap1' to the end of the 'bridge_ports' line * copy all other lines with 'tap0', changing to 'tap1' If you wanted a more flexible, dynamic scheme, I think you would need to use another approach. -- Jon Dowland
Attachment:
signature.asc
Description: Digital signature