Use qemu's user-mode networking when not running as root

diff --git a/mkosi.md b/mkosi.md
index d79135745668243220245f0b05bfecc647a7c608..b07effefeee81ee2a1d5fbdfbd0dec920e5d9f47 100644 (file)
--- a/mkosi.md
+++ b/mkosi.md
@@ -85,9 +85,6 @@ The following command line verbs are known:
   only supported on images that contain a boot loader, i.e. those
   built with `Bootable=yes` (see below). This command must be executed
   as `root` unless the image already exists and `-f` is not specified.
-  Some qemu arguments (such as those set by `Netdev=yes`) may also
-  prevent qemu from starting when this command is executed by a
-  non-root user.
 
 `ssh`
 

diff --git a/mkosi/__init__.py b/mkosi/__init__.py
index 56cceaa0121143c052ca0ccae260eb114cb190d1..91db08e717124b8dbedf34853c1c76d82c6e2870 100644 (file)
--- a/mkosi/__init__.py
+++ b/mkosi/__init__.py
@@ -7806,8 +7806,9 @@ def run_qemu_cmdline(args: MkosiArgs) -> Iterator[List[str]]:
         cmdline += ["-vga", "virtio"]
 
     if args.netdev:
-        if not ensure_networkd(args):
-            # Fall back to usermode networking if the host doesn't have networkd (eg: Debian)
+        if not ensure_networkd(args) or os.getuid() != 0:
+            # Fall back to usermode networking if the host doesn't have networkd (eg: Debian).
+            # Also fall back if running as an unprivileged user, which likely can't set up the tap interface.
             fwd = f",hostfwd=tcp::{args.ssh_port}-:{args.ssh_port}" if args.ssh_port != 22 else ""
             cmdline += ["-nic", f"user,model=virtio-net-pci{fwd}"]
         else: