diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index 18e472220e..679194f4cc 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -4144,8 +4144,9 @@ qemu-kvm -net nic,model=? /dev/null
For tuning the backend of the network, the backend element
can be used. The vhost attribute can override the default vhost
device path (/dev/vhost-net) for devices with virtio model.
- Supported attributes are tap and vhost,
- allowing to override the default devices for creating tap and vhost devices.
+ The tap attribute overrides the tun/tap device path (default:
+ /dev/net/tun) for network and bridge interfaces. This does not work
+ in session mode.
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 3b6eddcd5c..06a59d015f 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -299,8 +299,14 @@ qemuNetworkIfaceConnect(virDomainDefPtr def,
virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
const char *tunpath = "/dev/net/tun";
- if (net->backend.tap)
+ if (net->backend.tap) {
tunpath = net->backend.tap;
+ if (!cfg->privileged) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("cannot use custom tap device in session mode"));
+ goto cleanup;
+ }
+ }
if (!(brname = virDomainNetGetActualBridgeName(net))) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("Missing bridge name"));
@@ -7721,6 +7727,15 @@ qemuBuildInterfaceCommandLine(virCommandPtr cmd,
return -1;
}
+ if (net->backend.tap &&
+ !(actualType == VIR_DOMAIN_NET_TYPE_NETWORK ||
+ actualType == VIR_DOMAIN_NET_TYPE_BRIDGE)) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+ _("Custom tap device path is not supported for: %s"),
+ virDomainNetTypeToString(actualType));
+ return -1;
+ }
+
if (actualType == VIR_DOMAIN_NET_TYPE_NETWORK ||
actualType == VIR_DOMAIN_NET_TYPE_BRIDGE) {
tapfdSize = net->driver.virtio.queues;