[libvirt] problem to connect to libvirtd as ordinary user

Hi, I'm trying to setup an eucalyptus cloud managing my virtual xen nodes. I'm on SLES11, x86_64. I compiled libvirt-0.6.2 with the following configure parameters: ./configure --prefix=/usr --without-storage-iscsi --without-remote --without-sasl --without-openvz --without-storage-disk below the parameters I've set in the /etc/libvirt/libvirt.conf file: listen_tls = 0 listen_tcp = 1 unix_sock_group = "libvirt" unix_sock_ro_perms = "0777" unix_sock_rw_perms = "0777" unix_sock_dir = "/var/run/libvirt" auth_unix_ro = "none" auth_unix_rw = "none" auth_tcp = "none" auth_tls = "none" log_level = 1 log_outputs="0:stderr" as root, I can run "virsh list" or "virsh -c xen+unix:/// list" and it just works, however, I cannot do this as user eucalyptus. The user eucalyptus is a member of the libvirt group. # id eucalyptus uid=1000(eucalyptus) gid=1000(eucalyptus) groups=1000(eucalyptus),0(root),16 (dialout),17(audio),33(video),100(users),1001(libvirt) I ran virsh through strace, to see what happens: strace virsh.bin -c xen+unix:/// list ... open("/proc/xen/privcmd", O_RDWR) = -1 EACCES (Permission denied) ... Shouldn't the permissions of /proc/xen/privcmd be OK due to the libvirt.conf file? However, I changed them, and now the strace output looks like this: chmod 777 /proc/xen/privcmd strace virsh.bin -c xen+unix:/// list ... open("/proc/xen/privcmd", O_RDWR) = 3 ioctl(3, SNDCTL_DSP_RESET, 0x7fff4721a0f0) = 196611 mlock(0x7fff4721a070, 72) = 0 mlock(0x7fff47219f00, 136) = 0 ioctl(3, SNDCTL_DSP_RESET, 0x7fff47219d80) = -1 EACCES (Permission denied) munlock(0x7fff47219f00, 136) = 0 munlock(0x7fff4721a070, 72) = 0 mlock(0x7fff4721a070, 72) = 0 mlock(0x7fff47219f00, 136) = 0 ioctl(3, SNDCTL_DSP_RESET, 0x7fff47219d80) = -1 EACCES (Permission denied) munlock(0x7fff47219f00, 136) = 0 munlock(0x7fff4721a070, 72) = 0 mlock(0x7fff4721a070, 72) = 0 mlock(0x7fff47219f00, 136) = 0 ioctl(3, SNDCTL_DSP_RESET, 0x7fff47219d80) = -1 EACCES (Permission denied) munlock(0x7fff47219f00, 136) = 0 munlock(0x7fff4721a070, 72) = 0 mlock(0x7fff4721a070, 72) = 0 mlock(0x7fff47219f00, 136) = 0 ioctl(3, SNDCTL_DSP_RESET, 0x7fff47219d80) = 0 munlock(0x7fff47219f00, 136) = 0 munlock(0x7fff4721a070, 72) = 0 mlock(0x7fff47219e00, 136) = 0 ioctl(3, SNDCTL_DSP_RESET, 0x7fff47219d80) = 0 munlock(0x7fff47219e00, 136) = 0 close(3) = 0 ... actually, there is no sound card at all, I wonder what the SNDCTL_DSP_RESET is doing there. After the close(3), the virsh is only looking for language to generate the error message: error: failed to connect to the hypervisor Those xen versions are installed: xen-doc-pdf-3.3.1_18546_12-3.1 xen-doc-html-3.3.1_18546_12-3.1 xen-3.3.1_18546_12-3.1 xen-libs-3.3.1_18546_12-3.1 xen-tools-3.3.1_18546_12-3.1 xen-kmp-default-3.3.1_18546_12_2.6.27.19_5-3.1 kernel-xen-base-2.6.27.19-5.1 kernel-xen-2.6.27.19-5.1 xen-devel-3.3.1_18546_12-3.1 any idea what is wrong here? kind regards sebastian

On Wed, Apr 15, 2009 at 03:13:03PM +0200, Sebastian Reitenbach wrote:
Hi,
I'm trying to setup an eucalyptus cloud managing my virtual xen nodes.
I'm on SLES11, x86_64. I compiled libvirt-0.6.2 with the following configure parameters: ./configure --prefix=/usr --without-storage-iscsi --without-remote --without-sasl --without-openvz --without-storage-disk
This is your problem. You have disabled the remote driver at compile time. The remote driver is what is used to talk to libvirtd when running non-root. So you need to have it .... Daniel -- |: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :| |: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|

On Wed, Apr 15, 2009 at 03:13:03PM +0200, Sebastian Reitenbach wrote:
Hi,
I'm trying to setup an eucalyptus cloud managing my virtual xen nodes.
I'm on SLES11, x86_64. I compiled libvirt-0.6.2 with the following configure parameters: ./configure --prefix=/usr --without-storage-iscsi --without-remote --without-sasl --without-openvz --without-storage-disk
This is your problem. You have disabled the remote driver at compile time.
The remote driver is what is used to talk to libvirtd when running non-root. So you need to have it ....
Hi, On Wednesday 15 April 2009 06:36:21 pm Daniel P. Berrange wrote: thanks a lot, I just reinstalled, omitting that configure parameter, I can run virsh as ordinary user. regards Sebastian
participants (2)
-
Daniel P. Berrange
-
Sebastian Reitenbach