[libvirt] [PATCH] Let virt-manager 1.4.0+ work to access console of VM

Also see Ubuntu bug https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1668681 First reported https://askubuntu.com/questions/833964/virt-manager-cant-connect-to-graphica... --- examples/apparmor/libvirt-qemu | 3 +++ 1 file changed, 3 insertions(+) diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu index a9020aa..19d99e5 100644 --- a/examples/apparmor/libvirt-qemu +++ b/examples/apparmor/libvirt-qemu @@ -151,3 +151,6 @@ /etc/udev/udev.conf r, /sys/bus/ r, /sys/class/ r, + + # allow connect with openGraphicsFD to work + unix (send, receive) type=stream peer=(label=/usr/sbin/libvirtd), -- 2.10.2
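Review bot: the added unix rule at the end of the hunk has no addr= condition, so it permits send and receive on every stream socket whose peer carries the /usr/sbin/libvirtd label, not only the one used for openGraphicsFD. If the console descriptor is always an unnamed socket, narrow the rule with addr=none. The comment above the rule could also note that the peer label only matches when libvirtd itself runs under a profile named /usr/sbin/libvirtd.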

With Jamie Strandboge's help it should be restricted a bit more by adding addr=none:

  unix (send, receive) type=stream addr=none peer=(label=/usr/sbin/libvirtd),

On Tue, Feb 28, 2017 at 1:48 PM, Bryan Quigley <bryan.quigley@canonical.com> wrote:
Also see Ubuntu bug https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1668681 First reported https://askubuntu.com/questions/833964/virt-manager-cant-connect-to-graphica...
--- examples/apparmor/libvirt-qemu | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu index a9020aa..19d99e5 100644 --- a/examples/apparmor/libvirt-qemu +++ b/examples/apparmor/libvirt-qemu @@ -151,3 +151,6 @@ /etc/udev/udev.conf r, /sys/bus/ r, /sys/class/ r, + + # allow connect with openGraphicsFD to work + unix (send, receive) type=stream peer=(label=/usr/sbin/libvirtd), -- 2.10.2

On Tue, Feb 28, 2017 at 01:48:31PM -0500, Bryan Quigley wrote:
Also see Ubuntu bug https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1668681 First reported https://askubuntu.com/questions/833964/virt-manager-cant-connect-to-graphica...
--- examples/apparmor/libvirt-qemu | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu index a9020aa..19d99e5 100644 --- a/examples/apparmor/libvirt-qemu +++ b/examples/apparmor/libvirt-qemu @@ -151,3 +151,6 @@ /etc/udev/udev.conf r, /sys/bus/ r, /sys/class/ r, + + # allow connect with openGraphicsFD to work + unix (send, receive) type=stream peer=(label=/usr/sbin/libvirtd),
Shouldn't this only be added via virt-aa-helper when a corresponding console is in use?
Cheers,
 -- Guido

Hi Guido,

It's only needed when a user actually clicks on the running VM in virt-manager. It's not defined differently in the domain xml. I'm thinking that means virt-aa-helper can't help us in this case, but am open to being proven wrong.

Thanks!
Bryan

On Wed, Mar 1, 2017 at 1:04 AM, Guido Günther <agx@sigxcpu.org> wrote:
On Tue, Feb 28, 2017 at 01:48:31PM -0500, Bryan Quigley wrote:
Also see Ubuntu bug https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1668681 First reported https://askubuntu.com/questions/833964/virt-manager-cant-connect-to-graphica...
--- examples/apparmor/libvirt-qemu | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu index a9020aa..19d99e5 100644 --- a/examples/apparmor/libvirt-qemu +++ b/examples/apparmor/libvirt-qemu @@ -151,3 +151,6 @@ /etc/udev/udev.conf r, /sys/bus/ r, /sys/class/ r, + + # allow connect with openGraphicsFD to work + unix (send, receive) type=stream peer=(label=/usr/sbin/libvirtd),
Shouldn't this only be added via virt-aa-helper when a corresponding console is in use? Cheers, -- Guido

On Wed, Mar 01, 2017 at 05:11:53PM -0500, Bryan Quigley wrote:
Hi Guido,
It's only needed when a user actually clicks on the running VM in virt-manager. It's not defined differently in the domain xml.
I'm thinking that means virt-aa-helper can't help us in this case, but am open to being proven wrong.
The fd is passed over the existing socket, no new socket is created to the qemu process, so yes virt-aa-helper won't help here. Sorry for the noise.
 -- Guido
Thanks! Bryan
On Wed, Mar 1, 2017 at 1:04 AM, Guido Günther <agx@sigxcpu.org> wrote:
On Tue, Feb 28, 2017 at 01:48:31PM -0500, Bryan Quigley wrote:
Also see Ubuntu bug https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1668681 First reported https://askubuntu.com/questions/833964/virt-manager-cant-connect-to-graphica...
--- examples/apparmor/libvirt-qemu | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu index a9020aa..19d99e5 100644 --- a/examples/apparmor/libvirt-qemu +++ b/examples/apparmor/libvirt-qemu @@ -151,3 +151,6 @@ /etc/udev/udev.conf r, /sys/bus/ r, /sys/class/ r, + + # allow connect with openGraphicsFD to work + unix (send, receive) type=stream peer=(label=/usr/sbin/libvirtd),
Shouldn't this only be added via virt-aa-helper when a corresponding console is in use? Cheers, -- Guido
-- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
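Guido's point above, that the descriptor arrives over a socket that is already open, shown as an added example (not libvirt or QEMU code; send_fd, recv_fd and demo_fd_passing are illustrative names): one end of a socketpair() is passed with SCM_RIGHTS over an existing unix stream socket, and the received descriptor is an unnamed socket, the kind AppArmor's addr=none condition matches.

```c
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

union ctl { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; }; /* one fd */

/* Pass descriptor fd across the already-connected unix socket chan. */
static int send_fd(int chan, int fd) {
    char byte = 0;
    union ctl u = { .buf = { 0 } };
    struct iovec iov = { &byte, 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = u.buf, .msg_controllen = sizeof u.buf };
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof fd);
    memcpy(CMSG_DATA(c), &fd, sizeof fd);
    return sendmsg(chan, &msg, 0) == 1 ? 0 : -1;
}

/* Receive one descriptor from chan; returns it, or -1 on any error. */
static int recv_fd(int chan) {
    char byte; int fd = -1;
    union ctl u;
    struct iovec iov = { &byte, 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = u.buf, .msg_controllen = sizeof u.buf };
    if (recvmsg(chan, &msg, 0) != 1) return -1;
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    if (c && c->cmsg_level == SOL_SOCKET && c->cmsg_type == SCM_RIGHTS)
        memcpy(&fd, CMSG_DATA(c), sizeof fd);
    return fd;
}

/* Returns 1 when the passed socket carries data and has no bound address. */
int demo_fd_passing(void) {
    int chan[2], gfx[2], got;   /* chan: the existing socket; gfx: fresh pair */
    char out[5] = { 0 };
    struct sockaddr_un sa; socklen_t len = sizeof sa;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, chan) ||
        socketpair(AF_UNIX, SOCK_STREAM, 0, gfx) ||
        send_fd(chan[0], gfx[1]) < 0) return 0;
    got = recv_fd(chan[1]);     /* no connect() or accept() happened here */
    if (got < 0 || getsockname(got, (struct sockaddr *)&sa, &len)) return 0;
    /* An unnamed unix socket reports only the family field as its address. */
    return write(gfx[0], "ping", 4) == 4 && read(got, out, 4) == 4 &&
           strcmp(out, "ping") == 0 && len == sizeof(sa_family_t);
}

int main(void) { return demo_fd_passing() ? 0 : 1; }
```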

This starves a bit in the corners of the ML, any chance to pick this up for 3.11?

On Thu, Mar 2, 2017 at 8:42 AM, Guido Günther <agx@sigxcpu.org> wrote:
On Wed, Mar 01, 2017 at 05:11:53PM -0500, Bryan Quigley wrote:
Hi Guido,
It's only needed when a user actually clicks on the running VM in virt-manager. It's not defined differently in the domain xml.
I'm thinking that means virt-aa-helper can't help us in this case, but am open to being proven wrong.
The fd is passed over the existing socket, no new socket is created to the qemu process, so yes virt-aa-helper won't help here. Sorry for the noise. -- Guido
Thanks! Bryan
On Wed, Mar 1, 2017 at 1:04 AM, Guido Günther <agx@sigxcpu.org> wrote:
On Tue, Feb 28, 2017 at 01:48:31PM -0500, Bryan Quigley wrote:
Also see Ubuntu bug https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1668681 First reported https://askubuntu.com/questions/833964/virt-manager-cant-connect-to-graphica...
--- examples/apparmor/libvirt-qemu | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu index a9020aa..19d99e5 100644 --- a/examples/apparmor/libvirt-qemu +++ b/examples/apparmor/libvirt-qemu @@ -151,3 +151,6 @@ /etc/udev/udev.conf r, /sys/bus/ r, /sys/class/ r, + + # allow connect with openGraphicsFD to work + unix (send, receive) type=stream peer=(label=/usr/sbin/libvirtd),
Shouldn't this only be added via virt-aa-helper when a corresponding console is in use? Cheers, -- Guido
-- Christian Ehrhardt Software Engineer, Ubuntu Server Canonical Ltd
participants (3): Bryan Quigley, Christian Ehrhardt, Guido Günther