similar to: spice session locking

Hi List, Is it possible to prevent other clients from stealing my libvirtd hosted spice session? This is a problem for me where multiple co-workers access the same guest over a qemu+ssh:// connection. Instead of simply disconnecting clients, I'd like libvirtd to deny the new client. I've been looking at polkit acl rules and the vnc sharePolicy attribute but so far no luck.

Any idea how to do this with virsh or hooks? Qemu seems to have a spice.set_ticket command, but calling this from virsh's 'qemu-monitor-command guest --hmp --cmd spice.set_ticket password' doesn't work. The password would somehow have to be reset once the client logs out. On Mon, Feb 16, 2015 at 11:50 AM, Michal Privoznik <mprivozn@redhat.com> wrote: > On 13.02.2015

On 13.02.2015 16:19, Jon Doe wrote: > Hi List, > > Is it possible to prevent other clients from stealing my libvirtd > hosted spice session? This is a problem for me where multiple > co-workers access the same guest over a qemu+ssh:// connection. > Instead of simply disconnecting clients, I'd like libvirtd to deny the > new client. > > I've been looking at

I'm working on some infrastructure which allows a remote password reset (with expiry) of a spice console running on a remote libvirtd/qemu-kvm. I currently have GSSAPI over tcp working and can set the password - but I can also do everything else - the default policy is still in place, and once authenticated, anything goes. I'm setting the password using a command like this: virsh

Hello, Does anyone have spice server for KVM Linux guests working with GSSAPI authentication? I've been trying for a while and I simply can't get it to work. I don't know what I'm doing wrong. I wouldn't be surprised if I've misunderstood something. I followed this guide: https://www.freeipa.org/page/Libvirt_with_VNC_Consoles Yes, the above is for VNC consoles. I just

Send CentOS-announce mailing list submissions to centos-announce at centos.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-request at centos.org You can reach the person managing the list at centos-announce-owner at centos.org When

Is TLS required for the usage of Spice with KVM/libvirtd? I've been through the virt-install manpage a few times now to no avail. What is wrong with my syntax here (seen below)? Thanks. ~]# virt-install --connect qemu:///system -n blahhost -r2048 --vcpus=4 --arch=x86_64 --video qxl --graphics spice,port=5931 --noautoconsole --os-type linux --accelerate --network=bridge:kickstart_br0 --hvm

Hi all, I want to use libvirtd and polkit to create simple access restricitions for incoming TLS connections. libvirtd.conf: > ... > auth_tls = "sasl" > access_drivers = [ "polkit" ] > ... > tls_no_verify_certificate = 1 SASL and TLS in combination is already working without any faults. After activating access_drivers, the setup breaks, cause the access is

Hi, I wanted just to ask an additional question to that: how then here in the polkit documentation you distinguish users?: Consider a local user berrange who has been granted permission to connect > to libvirt in full read-write mode. > 2018-04-12 11:01 GMT+03:00 Erik Skultety <eskultet@redhat.com>: > On Thu, Mar 22, 2018 at 08:17:15PM +0300, Anastasiya Ruzhanskaya wrote: >

Hi All, I am trying to implement the following use case. User sfrag is logged on the host via ssh. Running 'virsh list --all' should trigger PolKit authentication and present ALL domains suffixed with -SF I have used and adapted the example from: libvirt.org Git - libvirt.git/blob - examples/polkit/libvirt-acl.rules | | | | | | | | | | | libvirt.org Git - libvirt.git/blob -

I am trying to connect a KVM-QEMU VM to OVS-DPDK vhostuser port. But, I am encountering a few errors. Since I am very new to libvrt and Linux I am not able to sort them out. Any guidance in this regard would be a great help. These are my System Logs: Mar 28 18:03:04 dpdk-OptiPlex-5040 libvirtd.service: 1529: debug : virCommandRunAsync:2429 : About to run LIBVIRT_LOG_OUTPUTS=3:stderr

On 07.02.2014 09:47, Minami Katsumata wrote: > Hi, > > I'm having problems with libvirt crashing after a couple hours when a > specific domain monitoring program is running. > > I have pasted below the following: > 1. libvirt version > 2. qemu-kvm version > 3. OS version > 4. Kernel version > 5. libvirt status post-crash > 6. libvirtd.log (info level dump

On Mon, Jan 04, 2016 at 03:44:10PM +0100, Benedikt Heine wrote: > Hi all, > > I want to use libvirtd and polkit to create simple access restricitions for > incoming TLS connections. This is sadly not possible. polkit will only authenticate against unix users. I filed an RFE long ago requesting for polkit to be generalized so that we could use it against virtual (ie non-UNIX system)

I'm attempting to remote connect to my KVM instance using virsh, but all the commands hang. When issuing the below command, nothing on the remote system happens, and no errors are displayed, (hostname changed) $ virsh --debug 5 --log /var/lib/foreman/virsh.log -c qemu+ssh://foreman at kvmhost.tld:16509/system?no_tty=1 This is the uncommented lines in /etc/libvirt/libvirtd.conf ----------

Hi, I have the following error in syslog when starting virt-manager and trying to connect: May 25 16:39:33 sage libvirtd: 16:39:33.525: error : remoteDispatchAuthPolkit:3846 : Policy kit denied action org.libvirt.unix.manage from pid 27509, uid 500, result: 512 I can manually start the kvm guest using virsh, but why can't virt-manager start them? This is on fedora14 x86_64: # rpm

Hi, Libvirtd is in listen mode. /etc/libvirt/libvirtd.conf listen_tls = 0 listen_tcp = 1 auth_tcp = "sasl" my trying to setup polkit authentication using http://wiki.libvirt.org/page/SSHPolicyKitSetup [root at aopcach ~]# cat /etc/polkit-1/localauthority/50-local.d/50-org.arindam-libvirt-remote-access.pkla [Remote libvirt SSH access] Identity=unix-user:arindam

Dear all, After "yum update" and reboot on a CentOS 7 server running kvm, all VM guests fail to receive keyboard input. Even sending ctrl-alt-delete from the virt-manager "Send Key" menu is inoperative. Most guests are set up as spice + QXL, and viewed on remote X sessions using virt-manager. Extensive browsing for a solution has turned up only dead ends. I tried reverting to

Hi all I have a Fedora release 17 (Beefy Miracle) with libvirt versions: libvirt-0.9.11.3-1.fc17.x86_64 virt-manager-0.9.1-3.fc17.noarch I have allowed non-root user to user libvirt by allowing the user through polkit cat /etc/polkit-1/localauthority/50-local.d/cat 50-org.example-libvirt-remote-access.pkla [Remote libvirt SSH access] Identity=unix-group:virt

Hi, I'm having problems with libvirt crashing after a couple hours when a specific domain monitoring program is running. I have pasted below the following: 1. libvirt version 2. qemu-kvm version 3. OS version 4. Kernel version 5. libvirt status post-crash 6. libvirtd.log (info level dump around crash; too long to post everything so just the beginning and end. UTC) 7. custom.log (on what

Hi, I found an answer : Use virConnectOpenAuth() instead of virConnectOpenReadOnly(). As my piece of code is running silently (without user connected) , by using virConnectOpenAuth() , is it possible to avoid to prompt user to get user /password ? Thx. J.P. -----Message d'origine----- De : libvirt-users-bounces@redhat.com [mailto:libvirt-users-bounces@redhat.com] De la part de