Not sure about best practice, but I just add my user to the nvmm group to access the /dev/nvmm device and use usermode networking in QEMU. This works with a regular user. For the real bridged network (when vm is seen as a real host and can be pinged) you should either have rw access to the /dev/tap[0123] or run QEMU as root.
> On Jul 2, 2025, at 17:40, Vitaly Shevtsov <shev.vt1984%gmail.com@localhost> wrote:
>
> I think you might forget to "up" the tap interface.
Thanks for pointing that out. Thinking this through, I could have indeed forgotten that. Many “real” interfaces don’t need it, so I am sometimes lazy about that. Thanks for the reminder.
> In short you just need to add your host physical interface and virtual
> tap interface (connected to the guest) to the same bridge:
> ifconfig tap0 create up //chmod a+rw /dev/tap0 to run QEMU as non-root
> ifconfig bridge0 create
> brconfig bridge0 add wm0 add tap0 up
>
> then start QEMU with the following options:
> -netdev tap,id=net0,ifname=tap0,script=no,downscript=no -device
> virtio-net-pci,netdev=net0
>
> Now your guest can communicate outside the virtual machine.
Yes, that is what I am now doing.
Does the user running QEMU matter beyond being able to read the files (disks, network device, etc.)?
What is best practice regarding that?
Cheers,
Brook