| Summary: | Virt-viewer can't connect to guest graphic with non-root user and vnc listening on unix socket | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Fangge Jin <fjin> | ||||
| Component: | virt-viewer | Assignee: | Pavel Grunt <pgrunt> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Virtualization Bugs <virt-bugs> | ||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | medium | ||||||
| Version: | 7.3 | CC: | dblechte, juzhou, mzhan, pgrunt, rbalakri, tzheng, xiaodwan | ||||
| Target Milestone: | rc | ||||||
| Target Release: | --- | ||||||
| Hardware: | x86_64 | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | virt-viewer-2.0-13.el7 | Doc Type: | If docs needed, set a value | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | |||||||
| : | 1377214 (view as bug list) | Environment: | |||||
| Last Closed: | 2017-08-01 15:04:11 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Bug Depends On: | |||||||
| Bug Blocks: | 1377214 | ||||||
| Attachments: |
|
||||||
The socket is created with the root user, the "normal" user doesn't have permissions to it: (virt-viewer:6196): virt-viewer-DEBUG: Error operation forbidden: read only access prevents virDomainOpenGraphicsFD The only thing which can be considered as a bug is a not clear message to the user Posted patch to show a dialog with the reason of the failure: https://www.redhat.com/archives/virt-tools-list/2016-October/msg00003.html I verified with virt-viewer-5.0-2.el7.x86_64. when connect to a guest which listen a socket in qemu:///system by normal user, "Failed to connect: Connecting to unix socket failed: Permission denied" error pops up. So move the bug from ON_QA to VERIFIED. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:1849 |
Created attachment 1202193 [details] virt-viewer log when connecting with non-root user Description of problem: Start a guest with vnc listens on a unix socket. In another terminal, login as non-root user, and use virt-viewer to connect to guest, it displays "Checking guest domain status" forever. $ virt-viewer -c qemu:///system rhel7.3-0817 --debug ...... (virt-viewer:7348): virt-viewer-DEBUG: After open connection callback fd=-1 (virt-viewer:7348): virt-viewer-DEBUG: Opening direct UNIX connection to display at /var/lib/libvirt/qemu/domain-91-rhel7.3-0817/vnc.sock (virt-viewer:7348): virt-viewer-DEBUG: Guest rhel7.3-0817 has not activated its display yet, waiting for it to start Version-Release number of selected component (if applicable): libvirt-2.0.0-9.el7.x86_64 virt-viewer-2.0-12.el7.x86_64 qemu-kvm-rhev-2.6.0-25.el7.x86_64 How reproducible: 100% Steps to Reproduce: 1.Start a guest with vnc listens on unix socket: # virsh dumpxml rhel7.3-0817 <graphics type='vnc' socket='/var/lib/libvirt/qemu/domain-91-rhel7.3-0817/vnc.sock'> <listen type='socket' socket='/var/lib/libvirt/qemu/domain-91-rhel7.3-0817/vnc.sock'/> </graphics> Qemu command line: ...-vnc unix:/var/lib/libvirt/qemu/domain-91-rhel7.3-0817/vnc.sock... 2.Switch to non-root user, and use virt-viewer to connect guest: $ virt-viewer -c qemu:///system rhel7.3-0817 --debug Actual results: Virt-viewer can't connect to guest graphic with non-root user and vnc listening on unix socket Expected results: Virt-viewer can connect to guest graphic with non-root user and vnc listening on unix socket Additional info: 1. Swith to root user, and use virt-viewer to connect guest, it can open guest graphic successfully: # virt-viewer -c qemu:///system rhel7.3-0817 2. Change the vnc listen type to address, virt-viewer can open guest graphic correctly with non-root user