libvirt users - Jun 2012 - unable to creating/list storage pools using non-root user

Hi all

I have a Fedora release 17 (Beefy Miracle) with libvirt versions:

libvirt-0.9.11.3-1.fc17.x86_64
virt-manager-0.9.1-3.fc17.noarch

I have allowed non-root user to user libvirt by allowing the user through
polkit

cat /etc/polkit-1/localauthority/50-local.d/cat
50-org.example-libvirt-remote-access.pkla

[Remote libvirt SSH access]
Identity=unix-group:virt
Action=org.libvirt.unix.manage;org.libvirt.unix.monitor
ResultAny=yes
ResultInactive=yes
ResultActive=yes

After doing the above i am able to connect to virt-manager as non-root user
but unable to create storage pools.

[juno at reserved ~]$ id
uid=1001(juno) gid=1001(juno) groups=1001(juno),1002(virt)
context=staff_u:staff_r:staff_t:s0
[juno at reserved ~]$ virsh
Welcome to virsh, the virtualization interactive terminal.

Type:  'help' for help with commands
       'quit' to quit

virsh # pool-list
error: Failed to reconnect to the hypervisor
error: no valid connection
error: Failed to connect socket to '@/home/juno/.libvirt/libvirt-sock':
Connection refused

virsh # list
error: Failed to reconnect to the hypervisor
error: no valid connection
error: Failed to connect socket to '@/home/juno/.libvirt/libvirt-sock':
Connection refused

I have defined pool called virt-images (/virt-images) which the non-root
(in this case the username is Juno)  user has the read/write permissions

Also tried adding the permissions to unix socket in
/etc/libvirt/libvirtd.conf as below:

 cat /etc/libvirt/libvirtd.conf  | grep -v ^$ | grep -v ^#
unix_sock_group = "virt"
unix_sock_ro_perms = "0777"
unix_sock_rw_perms = "0770"
unix_sock_dir = "/var/run/libvirt"

But the unix socket are created in /var/run/libvirt and not in users home
directory, So how do we make a non-root user virsh commands check the
socket created in /var/run/libvirt. It always checks for the socket in
user's home directory ?

Any pointers on above would be helpfu.

Regards
Niranjan
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://listman.redhat.com/archives/libvirt-users/attachments/20120622/84c23ffa/attachment.htm>

On Jun 22, 2012 1:08 AM, "mallapadi niranjan" <niranjan.ashok at
gmail.com>
wrote:
>
> Hi all
>
> I have a Fedora release 17 (Beefy Miracle) with libvirt versions:
>
> libvirt-0.9.11.3-1.fc17.x86_64
> virt-manager-0.9.1-3.fc17.noarch
>
> I have allowed non-root user to user libvirt by allowing the user through
polkit
>
> cat /etc/polkit-1/localauthority/50-local.d/cat
50-org.example-libvirt-remote-access.pkla
>
> [Remote libvirt SSH access]
> Identity=unix-group:virt
> Action=org.libvirt.unix.manage;org.libvirt.unix.monitor
> ResultAny=yes
> ResultInactive=yes
> ResultActive=yes
>
> After doing the above i am able to connect to virt-manager as non-root
user but unable to create storage pools.
>
> [juno at reserved ~]$ id
> uid=1001(juno) gid=1001(juno) groups=1001(juno),1002(virt)
context=staff_u:staff_r:staff_t:s0
> [juno at reserved ~]$ virsh
> Welcome to virsh, the virtualization interactive terminal.
>
> Type:  'help' for help with commands
>        'quit' to quit
>
> virsh # pool-list
> error: Failed to reconnect to the hypervisor
> error: no valid connection
> error: Failed to connect socket to
'@/home/juno/.libvirt/libvirt-sock':
Connection refused
>
> virsh # list
> error: Failed to reconnect to the hypervisor
> error: no valid connection
> error: Failed to connect socket to
'@/home/juno/.libvirt/libvirt-sock':
Connection refused
>
> I have defined pool called virt-images (/virt-images) which the non-root
(in this case the username is Juno)  user has the read/write
permissions
>
> Also tried adding the permissions to unix socket in
/etc/libvirt/libvirtd.conf as below:
>
>  cat /etc/libvirt/libvirtd.conf  | grep -v ^$ | grep -v ^#
> unix_sock_group = "virt"
> unix_sock_ro_perms = "0777"
> unix_sock_rw_perms = "0770"
> unix_sock_dir = "/var/run/libvirt"
>
> But the unix socket are created in /var/run/libvirt and not in users home
directory, So how do we make a non-root user virsh commands check the
socket created in /var/run/libvirt. It always checks for the socket in
user's home directory ?
>
> Any pointers on above would be helpfu.
>
> Regards
> Niranjan
>
>
> _______________________________________________
> libvirt-users mailing list
> libvirt-users at redhat.com
> https://www.redhat.com/mailman/listinfo/libvirt-users
I believe I ran into this, try using this virsh command as the polkit
authorized user

virsh -c qemu:///system

- Trey
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://listman.redhat.com/archives/libvirt-users/attachments/20120622/50682573/attachment.htm>