Bug 464069
Summary: | Can't start domains as non-root any more | ||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Mogens Kjaer <mk> | ||||||||||||
Component: | libvirt | Assignee: | Daniel Veillard <veillard> | ||||||||||||
Status: | CLOSED NEXTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||||||||||
Severity: | medium | Docs Contact: | |||||||||||||
Priority: | medium | ||||||||||||||
Version: | 9 | CC: | berrange, evillagr, mk, surakshan, veillard | ||||||||||||
Target Milestone: | --- | ||||||||||||||
Target Release: | --- | ||||||||||||||
Hardware: | x86_64 | ||||||||||||||
OS: | Linux | ||||||||||||||
Whiteboard: | |||||||||||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||||||||||
Doc Text: | Story Points: | --- | |||||||||||||
Clone Of: | Environment: | ||||||||||||||
Last Closed: | 2008-10-20 22:17:45 UTC | Type: | --- | ||||||||||||
Regression: | --- | Mount Type: | --- | ||||||||||||
Documentation: | --- | CRM: | |||||||||||||
Verified Versions: | Category: | --- | |||||||||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||||||||
Embargoed: | |||||||||||||||
Attachments: |
|
Description
Mogens Kjaer
2008-09-26 06:36:26 UTC
I can confirm this. 1. In policykit, org.libvirt.unix.mangage has my user granted under explicit permissions 2. When virt-manager is run, I select 'Run as Unprivileged' 3. With the latest updates mentioned by OP, I cannot start the VM, nor create one. I have sort of proved that libvirt has policy support by doing the following 1. In policykit org.libvirt.unix.monitor (note MONITOR) I've BLOCKED access to my user 2. When virt-manager is run, I select 'Run as unprivilegded' 3. When I try connect to local host, it doesn't connect, which makes sense. 4. When I remove the blocked user, it works. Basically I cannot 'manage' a vm's even if I tell Policykit that I can I have the same problem. I'am using x86 kernel with kvm. When I try startup a VM as non-root user I get: libvirtError: operation virDomainCreate forbidden for read only access If I do net-list on virsh as non-root user, it show none virtual network. If I do net-list on virsh as root, it show default virtual network. Please provide the output of the following command LIBVIRT_DEBUG=1 virsh net-list when run as root, and also when run as non-root Created attachment 318053 [details]
debug output, non-root
Created attachment 318054 [details]
Debug output, root
Created attachment 318077 [details]
Debug output as non-root user
Bebug output on x86
Created attachment 318078 [details]
Debug output as root
Debug output on x86.
Created attachment 318079 [details]
virsh net-list without debug as root
On the same x86 machine.
Issue remains after upgrading to the following packages libvirt-0.4.6-2.fc9.i386 virt-manager-0.5.4-4.fc9.i386 WRT to comment #2 > I have the same problem. I'am using x86 kernel with kvm. When I try startup a > VM as non-root user I get: > libvirtError: operation virDomainCreate forbidden for read only access > > If I do net-list on virsh as non-root user, it show none virtual network. > If I do net-list on virsh as root, it show default virtual network. This is not a bug. You are not supplying any hypervisor URI to libvirt, so as non-root, it is connecting to 'qemu:///session' a per-User unprivileged connection which has no virtual networking. As root it will connect to 'qemu:///system' which does support networking. If you want to see the networks as non-root, you need to explicitly specify the hypervisor URI, eg virsh net-list --connect qemu:///system net-list This is not related to the original bug report here against virt manager, so if you have any further issues with this please open a separate bug. WRT the original reporter: Mogens Kjaer Are you running virt-manager privileged as root, or unprivileged as non-root ? In Fedora virt-manager is setup to prompt for root auth when it first starts. So, anyway, if virt-manager is running as root can you attach the file /root/.virt-manager/virt-manager.log While, if you are running it unprivileged, can you provide $HOME/.virt-manager/virt-manager.log Actually no need for that info - I've found the problem & will prepare a patch I've given non-root permissions to manage the virtual sessions using System | Preferences | System | Authorizations, so I run it "privileged as non-root", I guess. Looking forward to the patch, thanks! virt-manager-0.5.4-5.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/virt-manager-0.5.4-5.fc9 Fix built into F9 for updates in virt-manager-0.5.4-5.fc9 It works! Thanks again. (In reply to comment #15) > Fix built into F9 for updates in virt-manager-0.5.4-5.fc9 Good work. What was the original issue? Cheers virt-manager-0.5.4-5.fc9 has been pushed to the Fedora 9 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update virt-manager'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F9/FEDORA-2008-8588 I've tested virt-manager-0.5.4-5.fc9 thoroughly and confirm it works virt-manager-0.5.4-5.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report. |