similar to: selective virsh host permissions

I read this page https://libvirt.org/aclpolkit.html And it is written :"At this point in time, the only attribute provided by libvirt to identify the user invoking the operation is the PID of the client program. This means that the polkit access control driver is only useful if connections to libvirt are restricted to its UNIX domain socket." 2018-05-09 11:00 GMT+03:00 Daniel P.

Hello! According to the documentation access control drivers are not in really "good condition". There is a polkit, but it can distinguish users only according the pid. However, I have met some articles about more fine-grained control and about selinux drivers for libvirt? So, what is the status now? Should I implement something by myself if I want access based on login, are their

Hi, I would like to allow a user (non-root) to access the console of his VM (he's got root access on it). Using sudo doesn't seem to work: /bin/virsh console vm error: failed to get domain 'vm' error: Domain not found: no domain with matching name 'vm' If I assign suid to virsh, I get: 'error: Failed to initialize libvirt' I don't see any information on

Hey! I have some RHEL6 hypervisors and the VMs are in raw qemu image files in a local raid array linux raid + lvm + ext3. When a kernel update is installed a reboot is necessary, usually it has been more than 180 days since the last reboot and the file system is fsck'd and this takes 2-3 hours. I am curious to know if there is any documentation that addresses the pro's and con's of

Good Afternoon, I was curious to know what happens to running guests when the qemu-kvm rpm is update via yum. I assume that the current qemu processes would be running the old binary, but the new processes would be started using the new binary. Please let me know if this assumption is correct. Regards, Jamie Ian Fargen -------------- next part -------------- An HTML attachment was scrubbed...

Ok, excuse me for misunderstanding, how it is possible then to set up access control when I use remote connection to KVM ( not in UNIX domain)? Is there any way within libvirt, maybe based on authentication or certificates? 2018-05-09 11:14 GMT+03:00 Daniel P. Berrangé <berrange@redhat.com>: > On Wed, May 09, 2018 at 11:13:01AM +0300, Anastasiya Ruzhanskaya wrote: > > I read this

I am searching for directions for using live block migration to copy running vm's to a different storage pool. Example: VM1 running on Host1, the image(s) for VM1 are stored in /var/lib/libvirt/images. I'd like to copy the disk image(s) that VM1 is using to /nfs/images. Without stopping/pausing/powering down the VM. Do you have any examples or documentation of how to accomplish this

Send CentOS-announce mailing list submissions to centos-announce at centos.org To subscribe or unsubscribe via the World Wide Web, visit https://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-request at centos.org You can reach the person managing the list at centos-announce-owner at centos.org When

Hi everyone, We seem to be having issues on multiple CentOS 7.3 machines. The problem seems to revolve around polkitd. At some random time, polkitd seems to stop responding on my systems. Along with this, there might be hundreds of defunct pkla-check-authorization processes. If I reboot, then things are fine for a while. I don't see any activity in the unabridged journal to suggest anything

CentOS Errata and Security Advisory 2019:0230 Important Upstream details at : https://access.redhat.com/errata/RHSA-2019:0230 The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: 491b63a51365bb112538c3cc527cc9a0f9cbb8599989268b2367a88b6923e39d polkit-0.112-18.el7_6.1.i686.rpm

Hi all, I want to use libvirtd and polkit to create simple access restricitions for incoming TLS connections. libvirtd.conf: > ... > auth_tls = "sasl" > access_drivers = [ "polkit" ] > ... > tls_no_verify_certificate = 1 SASL and TLS in combination is already working without any faults. After activating access_drivers, the setup breaks, cause the access is

Hi, I'm having problems with libvirt crashing after a couple hours when a specific domain monitoring program is running. I have pasted below the following: 1. libvirt version 2. qemu-kvm version 3. OS version 4. Kernel version 5. libvirt status post-crash 6. libvirtd.log (info level dump around crash; too long to post everything so just the beginning and end. UTC) 7. custom.log (on what

On Thu, October 13, 2016 11:55 am, Mike - st257 wrote: > On Thu, Oct 13, 2016 at 11:33 AM, Valeri Galtsev > <galtsev at kicp.uchicago.edu> > wrote: > >> Dear Experts, >> >> Could someone point me in the right direction: how can I disable >> hybernate/suspend in CentOS 7? >> >> I get workstations for graduate students with decent amount of RAM

Am 14.10.2016 um 10:19 schrieb Liam O'Toole <liam.p.otoole at gmail.com>: > On 2016-10-13, Valeri Galtsev > <galtsev at kicp.uchicago.edu> wrote: >> >> On Thu, October 13, 2016 11:55 am, Mike - st257 wrote: >>> On Thu, Oct 13, 2016 at 11:33 AM, Valeri Galtsev >>> <galtsev at kicp.uchicago.edu> wrote: >>> >>>

Hello everyone, I had an issue with one of three servers upgrading from 6.4 to 6.5. It did not have the CR repo enabled. It failed dueing install, but I didn't catch the error (bad, bad, I know). OK, so it told me to run yum-complete transaction. After going through and figuring out what it had to do, it stops with this error: (etc, etc...) --> Processing Dependency:

Dear Experts, "this is system from the hell!" Than was my first reaction when I realized that logged in with GUI (X11) user can turn off (and on) network interfaces. Without being in sudoers file. Wow, this is scary to see on workstations I manage centrally. Even though I did consider local user to be able to execute the command "shutdown" (which distinguished RedHat and

I am using the libvirt API to manage VMs on the system, using a python wrapper to execute commands. I need to allow a webserver to access these commands and mostly read information about the VMs. The problem is that when using the web interface you use are basically running the commands as different user. Since libvirtd is run as root by default you get permission errors. Is there any way of

Em 21-12-2015 14:24, James Hogarth escreveu: > On 21 December 2015 at 15:08, Sylvain CANOINE <sylvain.canoine at tv5monde.org> > wrote: > >>> If you're using NetworkManager, you can "systemctl enable >>> NetworkManager-wait-online.service" and you won't have to override any >>> of the individual services. >> Our security experts

I have just upgraded my server from CentOS 5 to CentOS 6 and am having connectivity problems. My laptop runs Fedora 14, and I have been in the habit of mounting data partitions on my server by fstab entries. Since the update I've not been able to do that. On watching the messages during a reboot I saw a statement that the connection was denied by the server (where are those messages

Hi list, I installed on my workstation C8.1 (1911) and performed a minimal install and then installed XFCE from EPEL. I noticed a strange behaviour (don't know if this is the wanted default). If I try ,from normal user shell, to run command like "reboot" or "shutdown -h now" system will reboot/shutdown. This happens on tty console, on xfce terminal and ssh session.