Re: virsh rights voor normal users
On Thu, Oct 29, 2020 at 04:13:45PM +0100, Natxo Asenjo wrote:
hi,
using the cockpit web ui and with these instructions:
https://libvirt.org/dbus.html#usage
we allow successfully that a group of users can access the console of the
system vms in different kvm hosts.
Oddly enough, in the same cockpit web interface I can use a terminal, and
if I run virsh list --all I get an empty listing.
So using cockpit I can manage the system vms, but I cannot use virsh.
This is in a rhel 7.8 system. The host is joined to an Idm realm, and this
realm has a trust to an AD forest. The users are AD users mapped to an
external Idm group.
Any ideas as to what we do wrong?
There are two distinct instances of libvirt - system mode and session
mode. I suspect cockpit is using a different instance than your
virsh command
https://libvirt.org/drvqemu.html#securitydriver
virsh defaults to "session" mode if running non-root, "system" mode
if running as root. You can use "-c URI" to override the default if
running non-root.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|