users are not able to connect to libvirt (polkit issue)

please_try_again · June 25, 2011, 4:48pm

and probably to perform other tasks requiring root privileges (?).
I don’t know very much about polkit, so I don’t know if I’m not missing (or messing up) something.

This is the error I get under 11.4:	This is the expected behavior (11.3)
http://img715.imageshack.us/img715/8228/polkit01.th.png](http://img715.imageshack.us/img715/8228/polkit01.png)	http://img848.imageshack.us/img848/2223/polkit02.th.png](http://img848.imageshack.us/img848/2223/polkit02.png)

No matter if I run Gnome, Kde or another de. The process highlighted in red on picture 2 is the one started when a user click on connecting. It fails to start on 11.4 - probably due to my own mistake (?) but I don’t know. I could start virt-manager with gnomesu, kdesu or xdg-su -c, that would just start the program as root, but it shouldn’t be necessary. Can anyone give me an idea about what’s wrong here?

terrorpup · August 22, 2011, 5:17pm

Did you get this fixed? I am running into the same issue with every openSUSE 11.4 build. Libvirt is up an running. I don’t have this issue with 11.1. So must be something into 11.4 that cause it.

please_try_again · August 22, 2011, 6:24pm

I don’t have time to try it now but look at this solution on the Arch wiki (I have the same problem on ArchLinux servers): libvirt - ArchWiki

please_try_again · August 30, 2011, 4:56am

OK, here’s how I fixed it.
[ul]
[li]create a groupe ‘libvirt’[/li][li]add your user(s) to this group[/li][li]comment out the two lines in /etc/libvirt/libvirtd.conf, as shown in the diff below:[/li]


--- /etc/libvirt/libvirtd.conf.orig     2011-08-29 10:59:42.000000000 -0700
+++ /etc/libvirt/libvirtd.conf  2011-08-29 10:59:42.000000000 -0700
@@ -76,7 +76,7 @@
 # without becoming root.
 #
 # This is restricted to 'root' by default.
-#unix_sock_group = "libvirt"
+unix_sock_group = "libvirt"
 
 # Set the UNIX socket permissions for the R/O socket. This is used
 # for monitoring VM status only
@@ -93,7 +93,7 @@
 #
 # If not using PolicyKit and setting group ownership for access
 # control then you may want to relax this to:
-#unix_sock_rw_perms = "0770"
+unix_sock_rw_perms = "0770"
 
 # Set the name of the directory in which sockets will be found/created.
 #unix_sock_dir = "/var/run/libvirt"

[li]remove the sockets[/li]

rm /var/run/libvirt/libvirt-sock*

[li]restart the daemon[/li]

service libvirtd restart

[/ul]

Then you will be able to connect to libvirt as user.
I think it’s a bug in openSUSE, because the desktop file used to start virt-manager wouldn’t allow non root users to connect to libvirt:

# sed '/Name\[/d'  /usr/share/applications/YaST2/virt-manager.desktop 
[Desktop Entry]
X-SuSE-translate=true
Name=Virtual Machine Manager
Comment=Manage Virtual Machines for Xen and KVM
Version=1.0
Icon=yast-vm-management
Exec=/usr/bin/virt-manager
Type=Application
Terminal=false
Encoding=UTF-8
Categories=Qt;X-SuSE-YaST;X-SuSE-YaST-Virtualization;
X-KDE-ModuleType=Library
X-KDE-RootOnly=true
X-KDE-HasReadOnlyMode=false
X-SuSE-YaST-Call=/usr/bin/virt-manager
X-SuSE-YaST-Group=Virtualization
X-SuSE-YaST-Argument=
X-SuSE-YaST-RootOnly=true
X-SuSE-YaST-Geometry=
X-SuSE-YaST-SortKey=

To get it working before I solved the user access problem, I had to change the Exec line into:


Exec=xdg-su -c '/usr/bin/virt-manager'

and got dbus connection errors outside of Gnome/Kde/Xfce (had to use dbus-launch then).

As I had to fix the issue on several computers, I wrote a quick and dirty script. Just replace user names and libvirt gid (if needed):

#! /bin/sh
 
grpname=libvirt
grpid=136
users=(laurel hardy)


groupadd -g $grpid $grpname
for u in ${users[li]} ; do[/li]        groupmod -A $u libvirt
done

cp /etc/libvirt/libvirtd.conf{,.orig}
sed -i 's/^#\(unix_sock_group\)/\1/;s/^#\(unix_sock_rw_perms\)/\1/' /etc/libvirt/libvirtd.conf

rm /var/run/libvirt/libvirt-sock*
service libvirtd restart

And I didn’t have to play with polkit authorizations.

please_try_again · August 30, 2011, 8:25am

I should probably add that the libvirt version involved here in the one from Virtualization repo:

# zypper info libvirt
...
Information for package libvirt:

Repository: @System
Name: libvirt
Version: **0.9.4**-147.1
Arch: x86_64
Vendor: obs://build.opensuse.org/Virtualization
Installed: Yes
Status: up-to-date
Installed Size: 2.3 MiB
...

It’s not impossible that libvirt from standard repo (0.8.8) uses other defaults in /etc/libvirt/libvirtd.conf and doesn’t have the problem described in this thread at all. (?)

GofBorg · August 30, 2011, 5:27pm

> It’s not impossible that libvirt from standard repo (0.8.8) uses other
> defaults in /etc/libvirt/libvirtd.conf and doesn’t have the problem
> described in this thread at all. (?)

Nah. It does it also.

please_try_again · September 26, 2011, 2:52am

It seems to have been fixed after some libvirt or polkit update (?).
I removed the libvirt group and restored the original libvirtd.conf and it still works as expected.

http://img268.imageshack.us/img268/5599/libvirt.th.png](http://img268.imageshack.us/img268/5599/libvirt.png)