#2852 closed defect (fixed)
VirtualBox failed to start with an aliased iface or when two+ VM use the same iface
| 回報者: | MulX | 負責人: | |
|---|---|---|---|
| 元件: | network/hostif | 版本: | VirtualBox 2.1.0 |
| 關鍵字: | 副本: | ||
| Guest type: | Linux | Host type: | Linux |
描述 (由 作最後更新)
When I want to attach the interface of my guest machine to an aliased iface of my computer, I don't have error.
I use :
VBoxManage modifyvm <name> -nic1 hostif -hostifdev eth2:0
But I can't start the VM.
I get this error :
Error: failed to start machine. Error message: Failed to open/create the internal network 'HostInterfaceNetworking-eth2:0' (VERR_INTNET_FLT_IF_NOT_FOUND). Unknown error creating VM (VERR_INTNET_FLT_IF_NOT_FOUND)
Using Gentoo as host, and Debian as guest (but any other guest produce same error)
更動歷史 (29)
comment:2 16 年 前 由 編輯
I can confirm this issue on Ubuntu 8.10 and 8.04.1.
When you use VBoxManage, it doesn't complain if you specify an aliased iface.
Currently it is a fairly major obstacle. I actually don't have any other VMs running and it still complains about the device being missing.
comment:3 16 年 前 由 編輯
This is a known issue. So far only one VM can attach to the same host interface at the same time. To work around this limitation, enter the following command:
VBoxManage setextradata VM_NAME \ VBoxInternal/Devices/pcnet/0/LUN#0/Config/RestrictAccess false
These values are apply if you have one pcnet network card set up for your guest. If you are using e1000, change pcnet to e1000.
We are working on this to get a more intuitive behavior.
comment:4 16 年 前 由 編輯
The workaround doesn't work:
When I change the setting as frank suggested I get on startup the following failure:
Configuration error: Failed to get the "RestrictAccess" value (VERR_CFGM_NOT_INTEGER). Unknown error creating VM (VERR_CFGM_NOT_INTEGER).
Obviously the parameter wants to be an Integer. But when I try 0 or 1, on Starting the Box I still get the failure from above:
Failed to open/create the internal network 'HostInterfaceNetworking-eth0:0' (VERR_INTNET_FLT_IF_NOT_FOUND).
This happens only when I use a virtual-device with the name "eth0:0". When using eth0 everything works fine.
comment:5 16 年 前 由 編輯
I am having the same issue of:
Error: failed to start machine. Error message: Failed to open/create the internal network 'HostInterfaceNetworking-eth2:0' (VERR_INTNET_FLT_IF_NOT_FOUND). Unknown error creating VM (VERR_INTNET_FLT_IF_NOT_FOUND)
but I am on a Windows host with a Gentoo guest VM and no other VM's, using 2.10 binary version
comment:6 16 年 前 由 編輯
Sorry, copied wrong part, the error should have been this:
Failed to attach the network LUN (VERR_INTNET_FLT_IF_NOT_FOUND) Unknown error creating VM (VERR_INTNET_FLT_IF_NOT_FOUND)
comment:8 16 年 前 由 編輯
Sorry, my fault. The correct line is
VBoxManage setextradata VM_NAME \ VBoxInternal/Devices/pcnet/0/LUN#0/Config/RestrictAccess 0
(Note 0 not false). Please check again if this command does work around the issue for you.
comment:10 16 年 前 由 編輯
Replying to mkmaster78:
No the VM is giving me the same error still.
My error goes away if i switch to NAT instead of attaching to host interface.
comment:11 16 年 前 由 編輯
| 元件: | network → network/hostif |
|---|
跟進: 13 comment:12 16 年 前 由 編輯
mkmaster, that fix applied to the second issue (two or more VMs use the same interface). Starting a VM with an aliased interface is currently not possible (and perhaps never will).
comment:13 16 年 前 由 編輯
Replying to frank:
mkmaster, that fix applied to the second issue (two or more VMs use the same interface). Starting a VM with an aliased interface is currently not possible (and perhaps never will).
I'm not using an alias and I have only one VM. I am using attached to network interface option within the dropdowns, which should be supported I believe, as it is an available and documented option.
跟進: 15 comment:14 16 年 前 由 編輯
mkmaster78,
vboxnetflt attaches to devices, not interfaces, so there is no way or any sense in attaching to aliased interface. You need to attach to underlying device instead. GUI selection list is updated in the upcoming release.
跟進: 16 comment:15 16 年 前 由 編輯
Replying to aleksey:
mkmaster78,
vboxnetflt attaches to devices, not interfaces, so there is no way or any sense in attaching to aliased interface. You need to attach to underlying device instead. GUI selection list is updated in the upcoming release.
I didn't speak of attaching to an aliased interface, i was merely speaking of, under networking options, on the part saying Attached To:, the option of Host Interface is throwing off this error when I start the VM, whereas if I select NAT, the error goes away. I attach it to the Broadcom ethernet adapter on my Windows XP computer.
跟進: 17 comment:16 16 年 前 由 編輯
Replying to mkmaster78:
Replying to aleksey:
mkmaster78,
vboxnetflt attaches to devices, not interfaces, so there is no way or any sense in attaching to aliased interface. You need to attach to underlying device instead. GUI selection list is updated in the upcoming release.
I didn't speak of attaching to an aliased interface, i was merely speaking of, under networking options, on the part saying Attached To:, the option of Host Interface is throwing off this error when I start the VM, whereas if I select NAT, the error goes away. I attach it to the Broadcom ethernet adapter on my Windows XP computer.
As you put it your problem is completely different from the one mentioned in the ticket description. Please try 2.1.2, your problem may have been resolved there.
comment:17 16 年 前 由 編輯
Replying to aleksey:
As you put it your problem is completely different from the one mentioned in the ticket description. Please try 2.1.2, your problem may have been resolved there.
I am now running 2.1.2, and the problem persists. (ie, it doesn't work to attach two VMs to the same interface when the two VMs are running under different users).
On top of this, the solution proposed above has stopped working. I test before and after running this command:
VBoxManage setextradata jeos-lamp VBoxInternal/Devices/pcnet/0/LUN#0/Config/RestrictAccess 0
Before running it (and with another VM running under another user) I get:
Failed to open/create the internal network 'HostInterfaceNetworking-eth0' (VERR_PERMISSION_DENIED). Unknown error creating VM (VERR_PERMISSION_DENIED).
After running it I get:
Failed to open/create the internal network 'HostInterfaceNetworking-eth0' (VERR_INTNET_INCOMPATIBLE_FLAGS). Unknown error creating VM (VERR_INTNET_INCOMPATIBLE_FLAGS).
Either way I'm toast trying to run host interface attached VMs under different users. :)
comment:18 16 年 前 由 編輯
To get back to the first issue: it doesn't make any sense to me to have VBox use an aliased interface. VirtualBox binds to the interface at the Ethernet level, so it's only applicable to the real network interface. So that part of the behavior is entirely correct IMHO.
comment:19 16 年 前 由 編輯
My issue is resolved with 2.12. I don't know if mine is related to the others here (however, as it is throwing the same error, it is likely the are more similar than most would assume) so I definately recommend updating.
comment:20 16 年 前 由 編輯
Hi all, hope we can help others with the way we use to solve the above discussed problem.
Problem:
When: User-1 has a running VM with bridged network Interface-A (i.e. eth0, br0, whatsoever) Then: User-2 can not start another one VM with bridged networking Interface-A
Errormessage like:
Failed to open/create the internal network 'HostInterfaceNetworking-eth0' (VERR_PERMISSION_DENIED). Unknown error creating VM (VERR_PERMISSION_DENIED).
VirtualBox Versions:
This problem was true for us in all versions of VirtualBox 2 up to 2.2.2. (we still use this)
Remark:
The solution given in ticket #2852 with VBoxManage setextradata VM_NAME VBoxInternal/Devices/pcnet/0/LUN#0/Config/RestrictAccess 0 / VBoxManage setextradata VM_NAME VBoxInternal/Devices/pcnet/0/LUN#0/Config/RestrictAccess false did not work for us
Now one possible solution we use since months:
For each user that want start a VM make tap-devices bridged to your desired network interface, i.e. tapuser1 and tapuser2. You can use "tunctl" for this. We use Fedora FC10 and made us a patch to the ifup-eth/ifdown-eth scripts (Type="Tap") In the upcoming FC11 seems to be included a very similar patch, so we will use this in future. In VirtualBox the User1 in his VM now selects the bridged interface "tapuser1", and the User2 in his VM similarly the "tapuser2".
Just to complete the idea here excerpts of the patches and some example network interface files: /etc/sysconfig/network-scripts/ifup-eth: @@ -54,16 +54,6 @@
fi
fi
+if [ "${TYPE}" = "Tap" ]; then + if [ ! -x /usr/sbin/tunctl ]; then + echo $"TUN/TAP support not available: tunctl not found" + exit 1 + fi + if [ ! -d /sys/class/net/${DEVICE} ]; then
| exit 1 |
+ fi +fi +
if [ "${TYPE}" = "Bridge" ]; then
if [ ! -x /usr/sbin/brctl ]; then
echo $"Bridge support not available: brctl not found"
/etc/sysconfig/network-scripts/ifdown-eth: @@ -144,12 +144,4 @@
fi
fi
+if [ "${TYPE}" = "Tap" ]; then + if [ ! -x /usr/sbin/tunctl ]; then + echo $"TUN/TAP support not available: tunctl not found" + elif [ ! -d /sys/class/net/${DEVICE} ]; then + /usr/sbin/tunctl -d ${DEVICE} + fi +fi +
exit $retcode
/etc/sysconfig/network-scripts/ifcfg-br0: # Bridge device DEVICE=br0 TYPE=Bridge ...
/etc/sysconfig/network-scripts/ifcfg-eth0: ... BRIDGE=br0
/etc/sysconfig/network-scripts/ifcfg-tapuser1: # TAP device DEVICE=tapuser1 TYPE=Tap GROUP=vboxusers ... BRIDGE=br0
/etc/sysconfig/network-scripts/ifcfg-tapuser2: # TAP device DEVICE=tapuser2 TYPE=Tap GROUP=vboxusers ... BRIDGE=br0
Hope this helps :-)
comment:21 15 年 前 由 編輯
In v3.1.2 it still is not possible to use bridged networking by multiple users simultaneously. I hope it can be fixed some day. For now, I'll use the per-user tap solution by rf. Thanks!
comment:23 14 年 前 由 編輯
| 狀態: | new → closed |
|---|---|
| 處理結果: | → fixed |
Just to make sure that everybody understands:
- Attaching to the same host interface by different users poses a security threat
- It is possible to attach to the same host interface by different users if you modify ALL VMs that attach to the interface. Different users will probably have similar VMs but the actual VM files are different!
- VirtualBox will skip user access check if VM is modified with:
VBoxManage setextradata <VM_NAME> \ VBoxInternal/Devices/<ADAPTER_TYPE>/<ADAPTER_SLOT>/LUN#0/Config/RestrictAccess 0
- where
- <ADAPTER_TYPE> can be pcnet, e1000, or virtio-net depending on the actual type of network adapter set in VM settings
- <ADAPTER_SLOT> is 0 for the first adapter, 1 for the second and so on
- If you change the type of network adapter in VM the above solution will stop working. You need to disable access check for new adapter type as well.
That said, I am resolving this ticket as the original description has almost nothing to do with the problem being discussed. Please open another ticket with proper description if you still have trouble attaching to the same host interface from different user accounts.
comment:24 14 年 前 由 編輯
| 狀態: | closed → reopened |
|---|---|
| 處理結果: | fixed |
Can someone please explain why this poses a security threat? How is this different from, say, having multiple physical Windows machines on the same shared Ethernet?
I'm reopening this bug because as far as I can tell, the RestrictAccess parameter is not documented.
comment:25 14 年 前 由 編輯
This is not working with 4.1.2 in Ubuntu natty (10.04). The configuration
VBoxManage setextradata Windows \ VBoxInternal/Devices/virtio-net/0/LUN#0/Config/RestrictAccess 0
doesn't solves the problem and the error continues:
manager@server:~$ vboxmanage startvm Windows Waiting for VM "Windows" to power on... VBoxManage: error: Failed to open/create the internal network 'HostInterfaceNetworking-eth0' (VERR_PERMISSION_DENIED). VBoxManage: error: Failed to attach the network LUN (VERR_PERMISSION_DENIED) VBoxManage: error: Details: code NS_ERROR_FAILURE (0x80004005), component Console, interface IConsole, callee manager@server:~$
I tested with pcnet, e1000 and virtio but any of them worked.
comment:26 14 年 前 由 編輯
I found my mistake. Its needed to modify ALL VMs that attach to the interface!!!
comment:27 11 年 前 由 編輯
| 描述: | 修改 (差異) |
|---|---|
| 狀態: | reopened → closed |
| 處理結果: | → fixed |
comment:28 7 年 前 由 編輯
| 狀態: | closed → reopened |
|---|---|
| 處理結果: | fixed |
i reopened due this are not clarelly documented in the virtualbox site documentation
also its very ilogic and make no sense too much protection, virtualbox its not a "pufff high end virtual machine" software,
ticket https://www.alldomusa.eu.org/ticket/3030 (#3030)said that VB retrics acces due user protection from spy!
the most usage are for desktop users, and commonly guindowsers mocosoft users..
so spy from same computer where the access of the net must be grant by the root administrator, please men! gime a break!
comment:29 7 年 前 由 編輯
| 狀態: | reopened → closed |
|---|---|
| 處理結果: | → fixed |
You are not making sense. Please, do not reopen ancient bugs.
Doh ! I have not finish to explain the other problems!
You can't also start two vm attached to the same iface if the two VM is running on two different users.
Starting a VM with nic1 attached to eth2 as user : user1. It's ok Starting on other VM with nic1 attached to eth2 as user : user1. It's also ok. Starting a third VM with nic1 attached to eth2 as user : user2. Failed.
And if I stop the VM running of user1 and I try to start VM of user2, it's ok.