Bug 670742 - PolicyKit prevents virt-manager access to qemu:///system for non-root users
PolicyKit prevents virt-manager access to qemu:///system for non-root users
Status: CLOSED WORKSFORME
Product: Fedora
Classification: Fedora
Component: polkit (Show other bugs)
14
Unspecified Unspecified
low Severity medium
: ---
: ---
Assigned To: David Zeuthen
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2011-01-19 03:07 EST by Stefan Becker
Modified: 2013-03-05 23:06 EST (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2011-01-20 03:53:48 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Stefan Becker 2011-01-19 03:07:42 EST
Description of problem:

After the latest updates I can no longer run virt-manager as non-root user on the local system:


Dialog text:
Unable to open a connection to the libvirt management daemon.

Libvirt URI is: qemu:///system

Verify that:
 - The 'libvirtd' daemon has been started


Details:
authentication failed

Traceback (most recent call last):
  File "/usr/share/virt-manager/virtManager/connection.py", line 983, in _try_open
    None], flags)
  File "/usr/lib64/python2.7/site-packages/libvirt.py", line 111, in openAuth
    if ret is None:raise libvirtError('virConnectOpenAuth() failed')
libvirtError: authentication failed


/var/log/messages:
Jan 19 09:55:08 XXXXXX libvirtd: 09:55:08.410: error : remoteDispatchAuthPolkit:3843 : Policy kit denied action org.libvirt.unix.manage from pid 5966, uid YYYYY, result: 512


Version-Release number of selected component (if applicable):
libvirt-0.8.3-2.fc14.x86_64
polkit-0.98-4.fc14.x86_64
polkit-desktop-policy-0.98-4.fc14.noarch
polkit-gnome-0.97-4.fc14.x86_64
polkit-kde-0.95.1-6.fc14.x86_64
polkit-qt-0.96.1-4.fc14.x86_64
selinux-policy-3.9.7-19.fc14.noarch
selinux-policy-targeted-3.9.7-19.fc14.noarch
virt-manager-0.8.5-1.fc14.noarch

How reproducible:
Always

Steps to Reproduce:
1. Start virt-manager as non-root
  
Actual results:
Error Dialog

Expected results:
virt-manager asks for root password and then connects to qemu:///system


Additional info:
 - virt-manager works OK for root
 - not SELinux-related, i.e. after a "setenforce 0" the problems still occurs
Comment 1 Stefan Becker 2011-01-20 03:53:48 EST
Another update and reboot this morning: it started to work again. I.e. virt-manager asks for the root password before connecting to qemu:///system.

libvirt-0.8.3-2.fc14.x86_64
polkit-0.98-4.fc14.x86_64
polkit-desktop-policy-0.98-4.fc14.noarch
polkit-gnome-0.97-4.fc14.x86_64
polkit-kde-0.95.1-6.fc14.x86_64
polkit-qt-0.96.1-4.fc14.x86_64
selinux-policy-3.9.7-20.fc14.noarch
selinux-policy-targeted-3.9.7-20.fc14.noarch

From the list only the SELinux policy was updated, but that wasn't preventing virt-manager to work in the first place???

I'm marking this down as a fluke. Closing.

Note You need to log in before you can comment on or make changes to this bug.