Silverblue, libvirt and virt-manager

This might be a bit long. Bear with me.

I’m trying out the latest and greatest on Fedora Silverblue. All around I am pleased with the immutable nature of the operating system except for the noticeable exception of virtual machines. I am most experienced with VirtualBox. Although it can be installed, the proprietary extension pack needed for enabling USB 3/XHCI requires writing to /usr and a few other paths. That is obviously not an option with Silverblue.

I then turned to libvirt, virt-manager and possibly GNOME Boxes.

I was able to install all of my VMs in non-root libvirt (qemu:///session). Since I also want to be able to have bridged networking (for Kali to use nmap and other ARP functions on the local network), I tried creating a bridge device. virt-manager doesn’t allow creating a bridge device without root (I’ve filed a bug report and it was discussed that while we could allow escalation just for creation, that wasn’t a worthwhile use case for the time being). So, I tried creating a bridge device manually, and libvirt failed with a “permission denied by acl” error when trying to boot the VM.

I can create a bridge in an escalated QEMU session (qemu:///system) but this is not ideal. Not only are my images stored in /var/lib/libvirt (taking up space on my small root partition) but I would rather steer away from escalation as much as possible.

Creating bridge networks without root is possible on VirtualBox. Anyone have any suggestions? I just need a good VM solution on Silverblue.

Just choose somewhere other than /var/lib/libvirt to store your VMs.

SELinux contexts don’t allow root qemu to access images anywhere else. I haven’t invested the time to figure out how to add an exception. Plus, storing system VM images in my home drive that end up being owned by qemu and set with a different context isn’t really compatible with the common filesystem paradigm.

Hello @jdloft,
I have put my VMs in my $HOME and not had any issues with respect to SELinux ever hampering me, and I use Silverblue daily. Though in truth I don’t use my VMs daily, since they are largely for MS Win-based proprietary solutions that I need for certain customers. When I do need them, I haven’t run across any issues with either Virt-Manager or Boxes (now) running them. I had more difficulty with Boxes and the USB port, which I needed for communication to the specific hardware that uses closed proprietary drivers, while Virt-Manager gave the flexibility needed to overcome those issues. Having said that, I haven’t needed to spin them up for over two months currently, so…

The solution would be to get bridged network working on the Flatpak, but it’s not done yet.

That’s as simple as updating the SELinux contexts though.