Wed, 25 Mar 2009
Running kvm without root privileges
This is my recipe for easily running kvm as an unprivileged user without using sudo and custom network configuration scripts.
/etc/network/interfaces:
iface kvmnet inet static address 10.5.0.1 netmask 255.255.255.0 broadcast 10.5.0.255 pre-up ip tuntap add dev $IFACE mode tap user md post-down ip tuntap del dev $IFACE mode tap # if you have an old release of iproute use these commands instead: #pre-up vde_tunctl -t $IFACE -u md #post-down vde_tunctl -d $IFACE up echo 1 > /proc/sys/net/ipv4/ip_forward up iptables --table nat --append POSTROUTING --jump MASQUERADE --source $IF_ADDRESS/$IF_NETMASK down iptables --table nat --delete POSTROUTING --jump MASQUERADE --source $IF_ADDRESS/$IF_NETMASK
~/bin/kvm:
#!/bin/sh -e iface='kvmnet' macaddr='DE:AD:42:00:00:01' model='virtio' exec kvm \ -net nic,vlan=0,macaddr=$macaddr,model=$model \ -net tap,vlan=0,ifname=$iface,script=no,downscript=no \ "$@"
Configuring a PV network interface is optional, but it is more efficient and if the guest uses udev and a modern kernel it will just work.
Bonus tip: use "-vnc :0 -usbdevice tablet -serial telnet:127.0.0.1:4444,server,nowait" for a headless guest which if needed will still have proper consoles.