# unable to use tuntap as non-root

## borfig

I am using kvm for my virtual machines, and tuntap for their network.

But I cannot use /dev/net/tun as non-root, although it is owned by root:kvm and my user is in the kvm group.

```
<snip>

open("/dev/net/tun", O_RDWR)            = 6

ioctl(6, 0x800454cf, 0x7fff53a18c58)    = 0

ioctl(6, TUNSETIFF, 0x7fff53a18c20)     = -1 EPERM (Operation not permitted)

write(2, "warning: could not configure /dev"..., 72) = 72

close(6)                                = 0

write(2, "Could not initialize device 'tap'"..., 34) = 34

exit_group(1)                           = ?
```

Google suggests that this is a lack of permissions via POSIX capabilities.

The tuntap device wasn't always using this feature, but now it does.

How to set the network capability for kvm to use?

----------

## Hu

One way to do this would be to use tunctl to pre-create a persistent TUN interface assigned to your user.  This does require some setup by a root user, but it works well.

----------

