mallapadi niranjan
2012-Jun-22 06:05 UTC
[libvirt-users] unable to creating/list storage pools using non-root user
Hi all I have a Fedora release 17 (Beefy Miracle) with libvirt versions: libvirt-0.9.11.3-1.fc17.x86_64 virt-manager-0.9.1-3.fc17.noarch I have allowed non-root user to user libvirt by allowing the user through polkit cat /etc/polkit-1/localauthority/50-local.d/cat 50-org.example-libvirt-remote-access.pkla [Remote libvirt SSH access] Identity=unix-group:virt Action=org.libvirt.unix.manage;org.libvirt.unix.monitor ResultAny=yes ResultInactive=yes ResultActive=yes After doing the above i am able to connect to virt-manager as non-root user but unable to create storage pools. [juno at reserved ~]$ id uid=1001(juno) gid=1001(juno) groups=1001(juno),1002(virt) context=staff_u:staff_r:staff_t:s0 [juno at reserved ~]$ virsh Welcome to virsh, the virtualization interactive terminal. Type: 'help' for help with commands 'quit' to quit virsh # pool-list error: Failed to reconnect to the hypervisor error: no valid connection error: Failed to connect socket to '@/home/juno/.libvirt/libvirt-sock': Connection refused virsh # list error: Failed to reconnect to the hypervisor error: no valid connection error: Failed to connect socket to '@/home/juno/.libvirt/libvirt-sock': Connection refused I have defined pool called virt-images (/virt-images) which the non-root (in this case the username is Juno) user has the read/write permissions Also tried adding the permissions to unix socket in /etc/libvirt/libvirtd.conf as below: cat /etc/libvirt/libvirtd.conf | grep -v ^$ | grep -v ^# unix_sock_group = "virt" unix_sock_ro_perms = "0777" unix_sock_rw_perms = "0770" unix_sock_dir = "/var/run/libvirt" But the unix socket are created in /var/run/libvirt and not in users home directory, So how do we make a non-root user virsh commands check the socket created in /var/run/libvirt. It always checks for the socket in user's home directory ? Any pointers on above would be helpfu. Regards Niranjan -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://listman.redhat.com/archives/libvirt-users/attachments/20120622/84c23ffa/attachment.htm>
Trey Dockendorf
2012-Jun-22 07:26 UTC
[libvirt-users] unable to creating/list storage pools using non-root user
On Jun 22, 2012 1:08 AM, "mallapadi niranjan" <niranjan.ashok at gmail.com> wrote:> > Hi all > > I have a Fedora release 17 (Beefy Miracle) with libvirt versions: > > libvirt-0.9.11.3-1.fc17.x86_64 > virt-manager-0.9.1-3.fc17.noarch > > I have allowed non-root user to user libvirt by allowing the user throughpolkit> > cat /etc/polkit-1/localauthority/50-local.d/cat50-org.example-libvirt-remote-access.pkla> > [Remote libvirt SSH access] > Identity=unix-group:virt > Action=org.libvirt.unix.manage;org.libvirt.unix.monitor > ResultAny=yes > ResultInactive=yes > ResultActive=yes > > After doing the above i am able to connect to virt-manager as non-rootuser but unable to create storage pools.> > [juno at reserved ~]$ id > uid=1001(juno) gid=1001(juno) groups=1001(juno),1002(virt)context=staff_u:staff_r:staff_t:s0> [juno at reserved ~]$ virsh > Welcome to virsh, the virtualization interactive terminal. > > Type: 'help' for help with commands > 'quit' to quit > > virsh # pool-list > error: Failed to reconnect to the hypervisor > error: no valid connection > error: Failed to connect socket to '@/home/juno/.libvirt/libvirt-sock':Connection refused> > virsh # list > error: Failed to reconnect to the hypervisor > error: no valid connection > error: Failed to connect socket to '@/home/juno/.libvirt/libvirt-sock':Connection refused> > I have defined pool called virt-images (/virt-images) which the non-root(in this case the username is Juno) user has the read/write permissions> > Also tried adding the permissions to unix socket in/etc/libvirt/libvirtd.conf as below:> > cat /etc/libvirt/libvirtd.conf | grep -v ^$ | grep -v ^# > unix_sock_group = "virt" > unix_sock_ro_perms = "0777" > unix_sock_rw_perms = "0770" > unix_sock_dir = "/var/run/libvirt" > > But the unix socket are created in /var/run/libvirt and not in users homedirectory, So how do we make a non-root user virsh commands check the socket created in /var/run/libvirt. It always checks for the socket in user's home directory ?> > Any pointers on above would be helpfu. > > Regards > Niranjan > > > _______________________________________________ > libvirt-users mailing list > libvirt-users at redhat.com > https://www.redhat.com/mailman/listinfo/libvirt-usersI believe I ran into this, try using this virsh command as the polkit authorized user virsh -c qemu:///system - Trey -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://listman.redhat.com/archives/libvirt-users/attachments/20120622/50682573/attachment.htm>
Maybe Matching Threads
- Disable hybernate/suspend in CentOS 7
- Remote connect using virsh qemu+ssh hangs / PolicyKit issue
- error when configuring management access via PolicyKit
- Disable hybernate/suspend in CentOS 7
- How to make virt-builder use qemu:///system instead of qemu:///session