Description of problem: After the latest update of libvirt I can't start a virtual machine in virt-manager as a non-root user. I've enabled active console access to manage local virtualized systems in System | Preferences | System | Authorizations and it used to work. Version-Release number of selected component (if applicable): It worked before these updates: Sep 25 15:44:35 Updated: libvirt-0.4.5-2.fc9.x86_64 Sep 25 15:45:27 Updated: libvirt-python-0.4.5-2.fc9.x86_64 How reproducible: Every time Steps to Reproduce: 1. Start virt-manager 2. Open virtual machine 3. Click on run Actual results: Error starting domain: operation virDomainCreate forbidden for read only access Details: Traceback (most recent call last): File "/usr/share/virt-manager/virtManager/engine.py", line 472, in run_domain vm.startup() File "/usr/share/virt-manager/virtManager/domain.py", line 379, in startup self.vm.create() File "/usr/lib64/python2.5/site-packages/libvirt.py", line 262, in create if ret == -1: raise libvirtError ('virDomainCreate() failed', dom=self) libvirtError: operation virDomainCreate forbidden for read only access Expected results: Domain starting Additional info:
I can confirm this. 1. In policykit, org.libvirt.unix.mangage has my user granted under explicit permissions 2. When virt-manager is run, I select 'Run as Unprivileged' 3. With the latest updates mentioned by OP, I cannot start the VM, nor create one. I have sort of proved that libvirt has policy support by doing the following 1. In policykit org.libvirt.unix.monitor (note MONITOR) I've BLOCKED access to my user 2. When virt-manager is run, I select 'Run as unprivilegded' 3. When I try connect to local host, it doesn't connect, which makes sense. 4. When I remove the blocked user, it works. Basically I cannot 'manage' a vm's even if I tell Policykit that I can
I have the same problem. I'am using x86 kernel with kvm. When I try startup a VM as non-root user I get: libvirtError: operation virDomainCreate forbidden for read only access If I do net-list on virsh as non-root user, it show none virtual network. If I do net-list on virsh as root, it show default virtual network.
Please provide the output of the following command LIBVIRT_DEBUG=1 virsh net-list when run as root, and also when run as non-root
Created attachment 318053 [details] debug output, non-root
Created attachment 318054 [details] Debug output, root
Created attachment 318077 [details] Debug output as non-root user Bebug output on x86
Created attachment 318078 [details] Debug output as root Debug output on x86.
Created attachment 318079 [details] virsh net-list without debug as root On the same x86 machine.
Issue remains after upgrading to the following packages libvirt-0.4.6-2.fc9.i386 virt-manager-0.5.4-4.fc9.i386
WRT to comment #2 > I have the same problem. I'am using x86 kernel with kvm. When I try startup a > VM as non-root user I get: > libvirtError: operation virDomainCreate forbidden for read only access > > If I do net-list on virsh as non-root user, it show none virtual network. > If I do net-list on virsh as root, it show default virtual network. This is not a bug. You are not supplying any hypervisor URI to libvirt, so as non-root, it is connecting to 'qemu:///session' a per-User unprivileged connection which has no virtual networking. As root it will connect to 'qemu:///system' which does support networking. If you want to see the networks as non-root, you need to explicitly specify the hypervisor URI, eg virsh net-list --connect qemu:///system net-list This is not related to the original bug report here against virt manager, so if you have any further issues with this please open a separate bug.
WRT the original reporter: Mogens Kjaer Are you running virt-manager privileged as root, or unprivileged as non-root ? In Fedora virt-manager is setup to prompt for root auth when it first starts. So, anyway, if virt-manager is running as root can you attach the file /root/.virt-manager/virt-manager.log While, if you are running it unprivileged, can you provide $HOME/.virt-manager/virt-manager.log
Actually no need for that info - I've found the problem & will prepare a patch
I've given non-root permissions to manage the virtual sessions using System | Preferences | System | Authorizations, so I run it "privileged as non-root", I guess. Looking forward to the patch, thanks!
virt-manager-0.5.4-5.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/virt-manager-0.5.4-5.fc9
Fix built into F9 for updates in virt-manager-0.5.4-5.fc9
It works! Thanks again.
(In reply to comment #15) > Fix built into F9 for updates in virt-manager-0.5.4-5.fc9 Good work. What was the original issue? Cheers
virt-manager-0.5.4-5.fc9 has been pushed to the Fedora 9 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update virt-manager'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F9/FEDORA-2008-8588
I've tested virt-manager-0.5.4-5.fc9 thoroughly and confirm it works
virt-manager-0.5.4-5.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.