Re: [libvirt-users] unable to creating/list storage pools using non-root user

On Sat, Jun 23, 2012 at 3:04 AM, Trey Dockendorf <treydock(a)gmail.com&gt;wrote: > On Fri, Jun 22, 2012 at 10:02 AM, mallapadi niranjan > <niranjan.ashok(a)gmail.com&gt; wrote: > > > > > > On Fri, Jun 22, 2012 at 4:38 PM, mallapadi niranjan > > <niranjan.ashok(a)gmail.com&gt; wrote: > >> > >> > >> > >> On Fri, Jun 22, 2012 at 12:56 PM, Trey Dockendorf <treydock(a)gmail.com&gt; > >> wrote: > >>> > >>> > >>> On Jun 22, 2012 1:08 AM, "mallapadi niranjan" < > niranjan.ashok(a)gmail.com&gt; > >>> wrote: > >>> > > >>> > Hi all > >>> > > >>> > I have a Fedora release 17 (Beefy Miracle) with libvirt versions: > >>> > > >>> > libvirt-0.9.11.3-1.fc17.x86_64 > >>> > virt-manager-0.9.1-3.fc17.noarch > >>> > > >>> > I have allowed non-root user to user libvirt by allowing the user > >>> > through polkit > >>> > > >>> > cat /etc/polkit-1/localauthority/50-local.d/cat > >>> > 50-org.example-libvirt-remote-access.pkla > >>> > > >>> > [Remote libvirt SSH access] > >>> > Identity=unix-group:virt > >>> > Action=org.libvirt.unix.manage;org.libvirt.unix.monitor > >>> > ResultAny=yes > >>> > ResultInactive=yes > >>> > ResultActive=yes > >>> > > >>> > After doing the above i am able to connect to virt-manager as > non-root > >>> > user but unable to create storage pools. > >>> > > >>> > [juno@reserved ~]$ id > >>> > uid=1001(juno) gid=1001(juno) groups=1001(juno),1002(virt) > >>> > context=staff_u:staff_r:staff_t:s0 > >>> > [juno@reserved ~]$ virsh > >>> > Welcome to virsh, the virtualization interactive terminal. > >>> > > >>> > Type: 'help' for help with commands > >>> > 'quit' to quit > >>> > > >>> > virsh # pool-list > >>> > error: Failed to reconnect to the hypervisor > >>> > error: no valid connection > >>> > error: Failed to connect socket to > &#39;(a)/home/juno/.libvirt/libvirt-sock&#39;: > >>> > Connection refused > >>> > > >>> > virsh # list > >>> > error: Failed to reconnect to the hypervisor > >>> > error: no valid connection > >>> > error: Failed to connect socket to > &#39;(a)/home/juno/.libvirt/libvirt-sock&#39;: > >>> > Connection refused > >>> > > >>> > I have defined pool called virt-images (/virt-images) which the > >>> > non-root (in this case the username is Juno) user has the > read/write > >>> > permissions > >>> > > >>> > Also tried adding the permissions to unix socket in > >>> > /etc/libvirt/libvirtd.conf as below: > >>> > > >>> > cat /etc/libvirt/libvirtd.conf | grep -v ^$ | grep -v ^# > >>> > unix_sock_group = "virt" > >>> > unix_sock_ro_perms = "0777" > >>> > unix_sock_rw_perms = "0770" > >>> > unix_sock_dir = "/var/run/libvirt" > >>> > > >>> > But the unix socket are created in /var/run/libvirt and not in users > >>> > home directory, So how do we make a non-root user virsh commands > check the > >>> > socket created in /var/run/libvirt. It always checks for the socket > in > >>> > user's home directory ? > >>> > > >>> > Any pointers on above would be helpfu. > >>> > > >>> > Regards > >>> > Niranjan > >>> > > >>> > > >>> > _______________________________________________ > >>> > libvirt-users mailing list > >>> > libvirt-users(a)redhat.com > >>> > https://www.redhat.com/mailman/listinfo/libvirt-users > >>> > >>> I believe I ran into this, try using this virsh command as the polkit > >>> authorized user > >>> > >>> virsh -c qemu:///system > >>> > >>> - Trey > >> > >> Yeah that worked. > >> > >> Thanks a lot trey > > > > > > Hi > > > > > > How do i make the below work ? > > > > [juno@reserved virt-img]$ virsh -c qemu:///session > > > > error: Failed to connect socket to &#39;(a)/home/juno/.libvirt/libvirt-sock&#39;: > > Connection refused > > error: failed to connect to the hypervisor > > > > > > Regards > > Niranjan > > > > _______________________________________________ > > libvirt-users mailing list > > libvirt-users(a)redhat.com > > https://www.redhat.com/mailman/listinfo/libvirt-users > > I'm not familiar with using "qemu:///session", to make an intial > connection I always do something like this... > > # Local connection > $ virsh -c qemu:///system > > # Remote > $ virsh -c ssh+qemu:///treydock@host.tld/system > > What are you trying to achieve with "session" ? > I would like to use virt-manager/virsh using non-root user , qemu:///system , connect as root user , I would like to create images and run them using non-root user . > > Also I noticed you mentioned using a path other than > /var/lib/libvirt/images for the pool, be sure the SELinux contexts are > correct. Should be virt_image_t, you can set that for a special path > like so... > > $ semanage fcontext -a -t virt_image_t "/virt-img(/.*)?" > $ restorecon -R /virt-img > Yes, i have set the virt_image_t context set for /virt-img directory > > - Trey >