Bug 464069
| Summary: | Can't start domains as non-root any more | ||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Mogens Kjaer <mk> | ||||||||||||
| Component: | libvirt | Assignee: | Daniel Veillard <veillard> | ||||||||||||
| Status: | CLOSED NEXTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||||||||||
| Severity: | medium | Docs Contact: | |||||||||||||
| Priority: | medium | ||||||||||||||
| Version: | 9 | CC: | berrange, evillagr, mk, surakshan, veillard | ||||||||||||
| Target Milestone: | --- | ||||||||||||||
| Target Release: | --- | ||||||||||||||
| Hardware: | x86_64 | ||||||||||||||
| OS: | Linux | ||||||||||||||
| Whiteboard: | |||||||||||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||||||||||
| Doc Text: | Story Points: | --- | |||||||||||||
| Clone Of: | Environment: | ||||||||||||||
| Last Closed: | 2008-10-20 22:17:45 UTC | Type: | --- | ||||||||||||
| Regression: | --- | Mount Type: | --- | ||||||||||||
| Documentation: | --- | CRM: | |||||||||||||
| Verified Versions: | Category: | --- | |||||||||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||||||||
| Embargoed: | |||||||||||||||
| Attachments: |
|
||||||||||||||
I can confirm this. 1. In policykit, org.libvirt.unix.mangage has my user granted under explicit permissions 2. When virt-manager is run, I select 'Run as Unprivileged' 3. With the latest updates mentioned by OP, I cannot start the VM, nor create one. I have sort of proved that libvirt has policy support by doing the following 1. In policykit org.libvirt.unix.monitor (note MONITOR) I've BLOCKED access to my user 2. When virt-manager is run, I select 'Run as unprivilegded' 3. When I try connect to local host, it doesn't connect, which makes sense. 4. When I remove the blocked user, it works. Basically I cannot 'manage' a vm's even if I tell Policykit that I can I have the same problem. I'am using x86 kernel with kvm. When I try startup a VM as non-root user I get: libvirtError: operation virDomainCreate forbidden for read only access If I do net-list on virsh as non-root user, it show none virtual network. If I do net-list on virsh as root, it show default virtual network. Please provide the output of the following command LIBVIRT_DEBUG=1 virsh net-list when run as root, and also when run as non-root Created attachment 318053 [details]
debug output, non-root
Created attachment 318054 [details]
Debug output, root
Created attachment 318077 [details]
Debug output as non-root user
Bebug output on x86
Created attachment 318078 [details]
Debug output as root
Debug output on x86.
Created attachment 318079 [details]
virsh net-list without debug as root
On the same x86 machine.
Issue remains after upgrading to the following packages libvirt-0.4.6-2.fc9.i386 virt-manager-0.5.4-4.fc9.i386 WRT to comment #2 > I have the same problem. I'am using x86 kernel with kvm. When I try startup a > VM as non-root user I get: > libvirtError: operation virDomainCreate forbidden for read only access > > If I do net-list on virsh as non-root user, it show none virtual network. > If I do net-list on virsh as root, it show default virtual network. This is not a bug. You are not supplying any hypervisor URI to libvirt, so as non-root, it is connecting to 'qemu:///session' a per-User unprivileged connection which has no virtual networking. As root it will connect to 'qemu:///system' which does support networking. If you want to see the networks as non-root, you need to explicitly specify the hypervisor URI, eg virsh net-list --connect qemu:///system net-list This is not related to the original bug report here against virt manager, so if you have any further issues with this please open a separate bug. WRT the original reporter: Mogens Kjaer Are you running virt-manager privileged as root, or unprivileged as non-root ? In Fedora virt-manager is setup to prompt for root auth when it first starts. So, anyway, if virt-manager is running as root can you attach the file /root/.virt-manager/virt-manager.log While, if you are running it unprivileged, can you provide $HOME/.virt-manager/virt-manager.log Actually no need for that info - I've found the problem & will prepare a patch I've given non-root permissions to manage the virtual sessions using System | Preferences | System | Authorizations, so I run it "privileged as non-root", I guess. Looking forward to the patch, thanks! virt-manager-0.5.4-5.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/virt-manager-0.5.4-5.fc9 Fix built into F9 for updates in virt-manager-0.5.4-5.fc9 It works! Thanks again. (In reply to comment #15) > Fix built into F9 for updates in virt-manager-0.5.4-5.fc9 Good work. What was the original issue? Cheers virt-manager-0.5.4-5.fc9 has been pushed to the Fedora 9 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update virt-manager'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F9/FEDORA-2008-8588 I've tested virt-manager-0.5.4-5.fc9 thoroughly and confirm it works virt-manager-0.5.4-5.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report. |
Description of problem: After the latest update of libvirt I can't start a virtual machine in virt-manager as a non-root user. I've enabled active console access to manage local virtualized systems in System | Preferences | System | Authorizations and it used to work. Version-Release number of selected component (if applicable): It worked before these updates: Sep 25 15:44:35 Updated: libvirt-0.4.5-2.fc9.x86_64 Sep 25 15:45:27 Updated: libvirt-python-0.4.5-2.fc9.x86_64 How reproducible: Every time Steps to Reproduce: 1. Start virt-manager 2. Open virtual machine 3. Click on run Actual results: Error starting domain: operation virDomainCreate forbidden for read only access Details: Traceback (most recent call last): File "/usr/share/virt-manager/virtManager/engine.py", line 472, in run_domain vm.startup() File "/usr/share/virt-manager/virtManager/domain.py", line 379, in startup self.vm.create() File "/usr/lib64/python2.5/site-packages/libvirt.py", line 262, in create if ret == -1: raise libvirtError ('virDomainCreate() failed', dom=self) libvirtError: operation virDomainCreate forbidden for read only access Expected results: Domain starting Additional info: