VM won't start from virt-manager -- Unable to open system.token

I just updated libvirt to 9.10.0-3 and virt-manager to 4.1.0-4. Before the update, I could start my defined VMs from virt-manager without issue. Now I get the following: Error starting domain: can't connect to virtlogd. Unable to open system.token /run/libvirt/common/system.token: Permission denied I am running virt-manager from my unpriviledged userid. My userid is already a member of the libvirt group. I see no error messages in the journal or in any of the logs under /var/log Any suggestions would be greatly appreciated.

On 2 Jan 2024 09:47 -0600, from john@jlhimpel.net (John W. Himpel):
I just updated libvirt to 9.10.0-3 and virt-manager to 4.1.0-4. Before the update, I could start my defined VMs from virt-manager without issue. Now I get the following:
Error starting domain: can't connect to virtlogd. Unable to open system.token /run/libvirt/common/system.token: Permission denied
I am running virt-manager from my unpriviledged userid. My userid is already a member of the libvirt group.
I see no error messages in the journal or in any of the logs under /var/log
Any suggestions would be greatly appreciated.
Have you checked ~/.cache/virt-manager/virt-manager.log for clues? See virt-manager(1) under --debug. -- Michael Kjörling 🔗 https://michael.kjorling.se “Remember when, on the Internet, nobody cared that you were a dog?”

Michael, Thanks for the quick response. I see the following: [Tue, 02 Jan 2024 15:27:09 virt-manager 4054] DEBUG (connection:482) conn=qemu:///system changed to state=Active [Tue, 02 Jan 2024 15:27:13 virt-manager 4054] DEBUG (vmmenu:210) Starting vm 'testFedora' [Tue, 02 Jan 2024 15:27:13 virt-manager 4054] DEBUG (error:101) error dialog message: summary=Error starting domain: can't connect to virtlogd: Unable to open system token /run/libvirt/common/system.token: Permission denied details=Traceback (most recent call last): File "/usr/share/virt-manager/virtManager/asyncjob.py", line 72, in cb_wrapper callback(asyncjob, *args, **kwargs) File "/usr/share/virt-manager/virtManager/asyncjob.py", line 108, in tmpcb callback(*args, **kwargs) File "/usr/share/virt-manager/virtManager/object/libvirtobject.py", line 57, in newfn ret = fn(self, *args, **kwargs) ^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/share/virt-manager/virtManager/object/domain.py", line 1402, in startup self._backend.create() File "/usr/lib64/python3.12/site-packages/libvirt.py", line 1373, in create raise libvirtError('virDomainCreate() failed') libvirt.libvirtError: can't connect to virtlogd: Unable to open system token /run/libvirt/common/system.token: Permission denied [Tue, 02 Jan 2024 15:46:48 virt-manager 4054] DEBUG (manager:196) Closing manager [Tue, 02 Jan 2024 15:46:48 virt-manager 4054] DEBUG (engine:323) window counter decremented to 0 [Tue, 02 Jan 2024 15:46:48 virt-manager 4054] DEBUG (engine:343) No windows found, requesting app exit [Tue, 02 Jan 2024 15:46:48 virt-manager 4054] DEBUG (connection:838) conn.close() uri=qemu:///system After further investigation, I see that /run/libvirt/common has permissions of: drwx------. 2 root root 60 Jan 1 22:44 common Since I am running virt-manager from my userid, I think this is probably the issue. Any suggestions on how to access /run/libvirt/common/system.token as a non-priviledged user of virt-manager? On Tue, 2024-01-02 at 16:21 +0000, Michael Kjörling wrote:
On 2 Jan 2024 09:47 -0600, from john@jlhimpel.net (John W. Himpel):
I just updated libvirt to 9.10.0-3 and virt-manager to 4.1.0-4. Before the update, I could start my defined VMs from virt-manager without issue. Now I get the following:
Error starting domain: can't connect to virtlogd. Unable to open system.token /run/libvirt/common/system.token: Permission denied
I am running virt-manager from my unpriviledged userid. My userid is already a member of the libvirt group.
I see no error messages in the journal or in any of the logs under /var/log
Any suggestions would be greatly appreciated.
Have you checked ~/.cache/virt-manager/virt-manager.log for clues? See virt-manager(1) under --debug.
-- Michael Kjörling 🔗 https://michael.kjorling.se “Remember when, on the Internet, nobody cared that you were a dog?” _______________________________________________ Users mailing list -- users@lists.libvirt.org To unsubscribe send an email to users-leave@lists.libvirt.org

On 2 Jan 2024 10:45 -0600, from john@jlhimpel.net (John W. Himpel):
After further investigation, I see that /run/libvirt/common has permissions of: drwx------. 2 root root 60 Jan 1 22:44 common
Since I am running virt-manager from my userid, I think this is probably the issue.
Maybe not. That directory has the same permissions on my Debian system, and I can use virt-manager just fine as an unprivileged user. I'm on virt-manager 4.1.0 and libvirt 9.0.0. (Current Debian 12/Bookworm.)
Any suggestions on how to access /run/libvirt/common/system.token as a non-priviledged user of virt-manager?
Sorry, no, not really. Hopefully someone else will be able to chime in. I see you're connecting to the system qemu instance. Does it make any difference if you connect to the user instance? That should be $ virt-manager -c qemu:///session --debug You obviously won't see any of the VMs in the system instance doing that, but it just _might_ provide a clue as to where to look next if that does work. Try creating a new VM that way if you don't have anything handy, and check the output for anything that looks like a corresponding socket location when you start it. Also, have you tried using some other front-end, such as AQEMU, virt-install or virsh (as the same unprivileged user) to do the same thing? Just trying to think of things that might narrow down the possibilities for what might be the actual culprit in your setup. -- Michael Kjörling 🔗 https://michael.kjorling.se “Remember when, on the Internet, nobody cared that you were a dog?”

I was able to resolve this issue by doing a complete system selinux relabeling. Thanks to those who reached out to assist. On Tue, 2024-01-02 at 09:47 -0600, John W. Himpel wrote:
I just updated libvirt to 9.10.0-3 and virt-manager to 4.1.0-4. Before the update, I could start my defined VMs from virt-manager without issue. Now I get the following:
Error starting domain: can't connect to virtlogd. Unable to open system.token /run/libvirt/common/system.token: Permission denied
I am running virt-manager from my unpriviledged userid. My userid is already a member of the libvirt group.
I see no error messages in the journal or in any of the logs under /var/log
Any suggestions would be greatly appreciated.
_______________________________________________ Users mailing list -- users@lists.libvirt.org To unsubscribe send an email to users-leave@lists.libvirt.org

On Wed, Jan 03, 2024 at 08:17:58AM -0600, John W. Himpel wrote:
I was able to resolve this issue by doing a complete system selinux relabeling.
Thanks to those who reached out to assist.
On Tue, 2024-01-02 at 09:47 -0600, John W. Himpel wrote:
I just updated libvirt to 9.10.0-3 and virt-manager to 4.1.0-4. Before the update, I could start my defined VMs from virt-manager without issue. Now I get the following:
Error starting domain: can't connect to virtlogd. Unable to open system.token /run/libvirt/common/system.token: Permission denied
I am running virt-manager from my unpriviledged userid. My userid is already a member of the libvirt group.
I see no error messages in the journal or in any of the logs under /var/log
Any suggestions would be greatly appreciated.
Glad you have fixed it. Is /run a tmpfs filesystem on your Fedora system? ie: $ mount | grep /run tmpfs on /run type tmpfs (rw,nosuid,nodev,seclabel,size=3200856k,nr_inodes=819200,mode=755,inode64) Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming and virtualization blog: http://rwmj.wordpress.com virt-builder quickly builds VMs from scratch http://libguestfs.org/virt-builder.1.html

Rich, Yes the /run is indeed on a tmp filesystem. I did a "touch /autorelabel followed by a complete system shutdown to power off followed by a system startup. The timestamp on /run/libvirt/common is today's date with a timestamp consistent with system startup. Thanks for reaching out. John On Wed, 2024-01-03 at 14:40 +0000, Richard W.M. Jones wrote:
On Wed, Jan 03, 2024 at 08:17:58AM -0600, John W. Himpel wrote:
I was able to resolve this issue by doing a complete system selinux relabeling.
Thanks to those who reached out to assist.
On Tue, 2024-01-02 at 09:47 -0600, John W. Himpel wrote:
I just updated libvirt to 9.10.0-3 and virt-manager to 4.1.0-4. Before the update, I could start my defined VMs from virt-manager without issue. Now I get the following:
Error starting domain: can't connect to virtlogd. Unable to open system.token /run/libvirt/common/system.token: Permission denied
I am running virt-manager from my unpriviledged userid. My userid is already a member of the libvirt group.
I see no error messages in the journal or in any of the logs under /var/log
Any suggestions would be greatly appreciated.
Glad you have fixed it.
Is /run a tmpfs filesystem on your Fedora system? ie:
$ mount | grep /run tmpfs on /run type tmpfs (rw,nosuid,nodev,seclabel,size=3200856k,nr_inodes=819200,mode=755,ino de64)
Rich.
participants (3)
-
John W. Himpel
-
Michael Kjörling
-
Richard W.M. Jones