670742 – PolicyKit prevents virt-manager access to qemu:///system for non-root users

Bug 670742 - PolicyKit prevents virt-manager access to qemu:///system for non-root users

Summary: PolicyKit prevents virt-manager access to qemu:///system for non-root users

Keywords:
Status:	CLOSED WORKSFORME
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	polkit
Sub Component:
Version:	14
Hardware:	Unspecified
OS:	Unspecified
Priority:	low
Severity:	medium
Target Milestone:	---
Assignee:	David Zeuthen
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2011-01-19 08:07 UTC by Stefan Becker
Modified:	2013-03-06 04:06 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2011-01-20 08:53:48 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Stefan Becker 2011-01-19 08:07:42 UTC

Description of problem:

After the latest updates I can no longer run virt-manager as non-root user on the local system:


Dialog text:
Unable to open a connection to the libvirt management daemon.

Libvirt URI is: qemu:///system

Verify that:
 - The 'libvirtd' daemon has been started


Details:
authentication failed

Traceback (most recent call last):
  File "/usr/share/virt-manager/virtManager/connection.py", line 983, in _try_open
    None], flags)
  File "/usr/lib64/python2.7/site-packages/libvirt.py", line 111, in openAuth
    if ret is None:raise libvirtError('virConnectOpenAuth() failed')
libvirtError: authentication failed


/var/log/messages:
Jan 19 09:55:08 XXXXXX libvirtd: 09:55:08.410: error : remoteDispatchAuthPolkit:3843 : Policy kit denied action org.libvirt.unix.manage from pid 5966, uid YYYYY, result: 512


Version-Release number of selected component (if applicable):
libvirt-0.8.3-2.fc14.x86_64
polkit-0.98-4.fc14.x86_64
polkit-desktop-policy-0.98-4.fc14.noarch
polkit-gnome-0.97-4.fc14.x86_64
polkit-kde-0.95.1-6.fc14.x86_64
polkit-qt-0.96.1-4.fc14.x86_64
selinux-policy-3.9.7-19.fc14.noarch
selinux-policy-targeted-3.9.7-19.fc14.noarch
virt-manager-0.8.5-1.fc14.noarch

How reproducible:
Always

Steps to Reproduce:
1. Start virt-manager as non-root
  
Actual results:
Error Dialog

Expected results:
virt-manager asks for root password and then connects to qemu:///system


Additional info:
 - virt-manager works OK for root
 - not SELinux-related, i.e. after a "setenforce 0" the problems still occurs

Comment 1 Stefan Becker 2011-01-20 08:53:48 UTC

Another update and reboot this morning: it started to work again. I.e. virt-manager asks for the root password before connecting to qemu:///system.

libvirt-0.8.3-2.fc14.x86_64
polkit-0.98-4.fc14.x86_64
polkit-desktop-policy-0.98-4.fc14.noarch
polkit-gnome-0.97-4.fc14.x86_64
polkit-kde-0.95.1-6.fc14.x86_64
polkit-qt-0.96.1-4.fc14.x86_64
selinux-policy-3.9.7-20.fc14.noarch
selinux-policy-targeted-3.9.7-20.fc14.noarch

From the list only the SELinux policy was updated, but that wasn't preventing virt-manager to work in the first place???

I'm marking this down as a fluke. Closing.

Note You need to log in before you can comment on or make changes to this bug.