Results 1 to 7 of 7

Thread: users are not able to connect to libvirt (polkit issue)

  1. #1

    Default users are not able to connect to libvirt (polkit issue)

    and probably to perform other tasks requiring root privileges (?).
    I don't know very much about polkit, so I don't know if I'm not missing (or messing up) something.

    This is the error I get under 11.4: This is the expected behavior (11.3)


    No matter if I run Gnome, Kde or another de. The process highlighted in red on picture 2 is the one started when a user click on connecting. It fails to start on 11.4 - probably due to my own mistake (?) but I don't know. I could start virt-manager with gnomesu, kdesu or xdg-su -c, that would just start the program as root, but it shouldn't be necessary. Can anyone give me an idea about what's wrong here?

  2. #2

    Default Re: users are not able to connect to libvirt (polkit issue)

    Did you get this fixed? I am running into the same issue with every openSUSE 11.4 build. Libvirt is up an running. I don't have this issue with 11.1. So must be something into 11.4 that cause it.

  3. #3

    Default Re: users are not able to connect to libvirt (polkit issue)

    Quote Originally Posted by terrorpup View Post
    Did you get this fixed? I am running into the same issue with every openSUSE 11.4 build. Libvirt is up an running. I don't have this issue with 11.1. So must be something into 11.4 that cause it.
    I don't have time to try it now but look at this solution on the Arch wiki (I have the same problem on ArchLinux servers): https://wiki.archlinux.org/index.php...authentication

  4. #4

    Default Re: users are not able to connect to libvirt (polkit issue)

    OK, here's how I fixed it.
    • create a groupe 'libvirt'
    • add your user(s) to this group
    • comment out the two lines in /etc/libvirt/libvirtd.conf, as shown in the diff below:
      Code:
      --- /etc/libvirt/libvirtd.conf.orig     2011-08-29 10:59:42.000000000 -0700
      +++ /etc/libvirt/libvirtd.conf  2011-08-29 10:59:42.000000000 -0700
      @@ -76,7 +76,7 @@
       # without becoming root.
       #
       # This is restricted to 'root' by default.
      -#unix_sock_group = "libvirt"
      +unix_sock_group = "libvirt"
       
       # Set the UNIX socket permissions for the R/O socket. This is used
       # for monitoring VM status only
      @@ -93,7 +93,7 @@
       #
       # If not using PolicyKit and setting group ownership for access
       # control then you may want to relax this to:
      -#unix_sock_rw_perms = "0770"
      +unix_sock_rw_perms = "0770"
       
       # Set the name of the directory in which sockets will be found/created.
       #unix_sock_dir = "/var/run/libvirt"
    • remove the sockets
      Code:
      rm /var/run/libvirt/libvirt-sock*
    • restart the daemon
      Code:
      service libvirtd restart


    Then you will be able to connect to libvirt as user.
    I think it's a bug in openSUSE, because the desktop file used to start virt-manager wouldn't allow non root users to connect to libvirt:


    Code:
    # sed '/Name\[/d'  /usr/share/applications/YaST2/virt-manager.desktop 
    [Desktop Entry]
    X-SuSE-translate=true
    Name=Virtual Machine Manager
    Comment=Manage Virtual Machines for Xen and KVM
    Version=1.0
    Icon=yast-vm-management
    Exec=/usr/bin/virt-manager
    Type=Application
    Terminal=false
    Encoding=UTF-8
    Categories=Qt;X-SuSE-YaST;X-SuSE-YaST-Virtualization;
    X-KDE-ModuleType=Library
    X-KDE-RootOnly=true
    X-KDE-HasReadOnlyMode=false
    X-SuSE-YaST-Call=/usr/bin/virt-manager
    X-SuSE-YaST-Group=Virtualization
    X-SuSE-YaST-Argument=
    X-SuSE-YaST-RootOnly=true
    X-SuSE-YaST-Geometry=
    X-SuSE-YaST-SortKey=
    To get it working before I solved the user access problem, I had to change the Exec line into:

    Code:
    Exec=xdg-su -c '/usr/bin/virt-manager'
    and got dbus connection errors outside of Gnome/Kde/Xfce (had to use dbus-launch then).

    As I had to fix the issue on several computers, I wrote a quick and dirty script. Just replace user names and libvirt gid (if needed):

    Code:
    #! /bin/sh
     
    grpname=libvirt
    grpid=136
    users=(laurel hardy)
    
    
    groupadd -g $grpid $grpname
    for u in ${users[*]} ; do
            groupmod -A $u libvirt
    done
    
    cp /etc/libvirt/libvirtd.conf{,.orig}
    sed -i 's/^#\(unix_sock_group\)/\1/;s/^#\(unix_sock_rw_perms\)/\1/' /etc/libvirt/libvirtd.conf
    
    rm /var/run/libvirt/libvirt-sock*
    service libvirtd restart
    * And I didn't have to play with polkit authorizations.

  5. #5

    Default Re: users are not able to connect to libvirt (polkit issue)

    I should probably add that the libvirt version involved here in the one from Virtualization repo:

    Code:
    # zypper info libvirt
    ...
    Information for package libvirt:
    
    Repository: @System
    Name: libvirt
    Version: 0.9.4-147.1
    Arch: x86_64
    Vendor: obs://build.opensuse.org/Virtualization
    Installed: Yes
    Status: up-to-date
    Installed Size: 2.3 MiB
    ...
    It's not impossible that libvirt from standard repo (0.8.8) uses other defaults in /etc/libvirt/libvirtd.conf and doesn't have the problem described in this thread at all. (?)

  6. #6
    Join Date
    Jun 2008
    Location
    Delta Quadrant
    Posts
    1,434

    Default Re: users are not able to connect to libvirt (polkit issue)

    > It's not impossible that libvirt from standard repo (0.8.8) uses other
    > defaults in /etc/libvirt/libvirtd.conf and doesn't have the problem
    > described in this thread at all. (?)


    Nah. It does it also.

  7. #7

    Default Re: users are not able to connect to libvirt (polkit issue)

    It seems to have been fixed after some libvirt or polkit update (?).
    I removed the libvirt group and restored the original libvirtd.conf and it still works as expected.


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •