From: daggs
To: ~alpine/users@lists.alpinelinux.org
Subject: unable to write to dev node
Date: Thu, 4 Jul 2024 16:15:46 +0200

Greetings,

I'm trying to debug a bug under Alpine Linux when it comes to session-based libvirt VMs.
When starting a VM that has a virt NIC bound to a bridge, I get this error:

Unable to create tap device vnet0: Operation not permitted

I've looked into the code of libvirt and narrowed it down to this function: virNetDevTapCreate
I've taken the relevant code to a side file for testing; here is the code I use:

#include <sys/ioctl.h>
#include <linux/if_tun.h> /* IFF_TUN, IFF_NO_PI */
#include <net/if.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

enum {
    VIR_NETDEV_TAP_CREATE_NONE = 0,
    /* Bring the interface up */
    VIR_NETDEV_TAP_CREATE_IFUP = 1 << 0,
    /* Enable IFF_VNET_HDR on the tap device */
    VIR_NETDEV_TAP_CREATE_VNET_HDR = 1 << 1,
    /* Set this interface's MAC as the bridge's MAC address */
    VIR_NETDEV_TAP_CREATE_USE_MAC_FOR_BRIDGE = 1 << 2,
    /* The device will persist after the file descriptor is closed */
    VIR_NETDEV_TAP_CREATE_PERSIST = 1 << 3,
    /* The device is allowed to exist before creation */
    VIR_NETDEV_TAP_CREATE_ALLOW_EXISTING = 1 << 4,
};

int main(void)
{
    int fd;
    const char *tunpath = "/dev/net/tun";
    size_t tapfdSize = 1;
    struct ifreq ifr = { 0 };
    unsigned int flags = VIR_NETDEV_TAP_CREATE_IFUP;

    if (1)
        flags |= VIR_NETDEV_TAP_CREATE_VNET_HDR;

    /* Opening the clone device is governed by the node's file mode */
    if ((fd = open(tunpath, O_RDWR)) < 0) {
        perror("Unable to open, is tun module loaded?");
        exit(1);
    }

    /* Size the write by the destination so "vnet0" is not truncated */
    snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "vnet%d", 0);
    ifr.ifr_flags = IFF_TAP | IFF_NO_PI;

    /* If tapfdSize is greater than one, request multiqueue */
    if (tapfdSize > 1)
        ifr.ifr_flags |= IFF_MULTI_QUEUE;

    if (flags & VIR_NETDEV_TAP_CREATE_VNET_HDR)
        ifr.ifr_flags |= IFF_VNET_HDR;

    /* Ask the tun driver to create the tap interface */
    if (ioctl(fd, TUNSETIFF, &ifr) < 0) {
        perror("Unable to create tap device");
    }

    close(fd);
    return 0;
}

It compiles fine and works under user root.
I have a user named foo which I use for the sessioned VM. Looking at /dev/net/tun's permissions, I see this:

$ ll /dev/net/tun
crw-rw-rw- 1 root netdev 10, 200 Jul 4 15:52 /dev/net/tun

So I added foo to the netdev group; now it has the following id output:

uid=1002(foo) gid=1002(foo) groups=1002(foo),28(netdev),34(kvm),36(qemu),102(libvirt)

and ran the code again; I'm getting the same error.
I went to the libvirt community and one of the devs tried to help me with it; he concluded that there is something wrong in Alpine because it works in Fedora.
In contrast, /dev/null has the same permissions as /dev/net/tun but the group is root, and I can write to it as user foo.

Any ideas what I am missing?

Thanks,
Dagg