Running kvm without root privileges

tales of a debian maintainer

Wed, 25 Mar 2009

Running kvm without root privileges

This is my recipe for easily running kvm as an unprivileged user without using sudo and custom network configuration scripts.

/etc/network/interfaces:

iface kvmnet inet static
        address         10.5.0.1
        netmask         255.255.255.0
        broadcast       10.5.0.255
        pre-up          ip tuntap add dev $IFACE mode tap user md
        post-down       ip tuntap del dev $IFACE mode tap
        # if you have an old release of iproute use these commands instead:
        #pre-up         vde_tunctl -t $IFACE -u md
        #post-down      vde_tunctl -d $IFACE
        up              echo 1 > /proc/sys/net/ipv4/ip_forward
        up              iptables --table nat --append POSTROUTING --jump MASQUERADE --source $IF_ADDRESS/$IF_NETMASK
        down            iptables --table nat --delete POSTROUTING --jump MASQUERADE --source $IF_ADDRESS/$IF_NETMASK

~/bin/kvm:

#!/bin/sh -e

iface='kvmnet'
macaddr='DE:AD:42:00:00:01'
model='virtio'

exec kvm \
    -net nic,vlan=0,macaddr=$macaddr,model=$model \
    -net tap,vlan=0,ifname=$iface,script=no,downscript=no \
    "$@"

Configuring a PV network interface is optional, but it is more efficient and if the guest uses udev and a modern kernel it will just work.

Bonus tip: use "-vnc :0 -usbdevice tablet -serial telnet:127.0.0.1:4444,server,nowait" for a headless guest which if needed will still have proper consoles.

Posted at 03:26:20 CET | # | Comment this post

S	M	T	W	T	F	S
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30

Md at debian.org

tales of a debian maintainer

Running kvm without root privileges

About

See also:

My blogroll: