Good noon,
On 09/22/2010 02:25 PM, Justin Clift wrote:
On 09/22/2010 07:33 PM, Zdenek Styblik wrote:
> I was thinking about writing info for Slackware, because you've asked.
> But I came to realize the page is written in such a general way, it's
> simply applicable to other distributions without any big troubles which
> should be worth writing up.
Hmmmm, how does Slackware do the access control for the libvirt
management socket?
Any idea if it's using PolicyKit, or if it's using groups?
I've managed to create ACL by groups and it's working. However, to my
surprise, there is a Slackware package for PolicyKit. Yet, I have never
used it nor tested it (I could though?).
Asking because if it's using one of those two, then it's extremely
easy to add a new "Slackware" head and point people to the right bit.
Probably both or it depends on whether PolicyKit is installed or not.
(T.B.D.?) Group ACL works for sure.
> At least that's my opinion. Of course it
> doesn't mean there can't be pitfalls in other distributions.
Yeah. I'm kind of thinking that if we know how Slackware does it,
we should probably mention it.
That'll help people using things like (ie) Google, when they do
keyword searches for "+Libvirt +Slackware +access". Without a mention
of Slackware on the pages, search engines won't show it in the result
list. :(
Plus... having more distributions on there helps to show off how
cross-distribution libvirt is. :)
Indeed :)
[...]
> One thing though and that's access to virtual storage. Isn't there a
> problem with group libvirt not having ACL to manipulate images as they
> are created with root:root ownership? I'm aware of
> <permissions>...</permissions>, but so far I haven't been successful to
> make it work (= ownership stayed as root:root no matter what; version
> 0.8.4).
Hmmm, interesting thought. It's not an area I've looked at from the
perspective of access by non-root users.
Yeah, I should investigate that to ensure there aren't any pitfalls there.
Good thinking Zdenek. :)
First things first. I've messed up the version number - 0.8.3 (0.8.4 is
virt-manager, now at 0.8.5). So now, it's tested with libvirt-0.8.4 for
sure.
This works. Non-root user - VM management, creating images, VNC.
Now, here comes the part which is hard to describe.
qemu-kvm - running as libvirt - great!
libvirtd - running as root - bad?
I wanted to achieve something like that (= root-less qemu and libvirtd)
with 0.8.3, but it didn't work because libvirt/virt-manager claimed ACL
problem. I think it's time for re-test and eventual push into
"production" of mine :)
I'm not sure if this part made sense. Simply - it works as expected.
Regards and best wishes,
Justin Clift
Have a nice day,
Zdenek
--
Zdenek Styblik
Net/Linux admin
OS
TurnovFree.net
email: stybla(a)turnovfree.net
jabber: stybla(a)jabber.turnovfree.net