[Libguestfs] [PATCH] launch: show hint to resolve authentication failure from libvirt

Daniel P. Berrange berrange at redhat.com
Wed Oct 10 15:16:21 UTC 2012


On Wed, Oct 10, 2012 at 05:06:37PM +0200, Olaf Hering wrote:
> Signed-off-by: Olaf Hering <olaf at aepfle.de>
> ---
> 
> Switching from attach-method "appliance" to "libvirt" has surprising
> side effects, so show a hint how to resolve the "authentication failed"
> error from libvirt.
> Patch is not compile tested.
> 
>  src/libvirtdomain.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/src/libvirtdomain.c b/src/libvirtdomain.c
> index eecea26..110ee86 100644
> --- a/src/libvirtdomain.c
> +++ b/src/libvirtdomain.c
> @@ -104,6 +104,8 @@ guestfs__add_domain (guestfs_h *g, const char *domain_name,
>      err = virGetLastError ();
>      error (g, _("could not connect to libvirt (code %d, domain %d): %s"),
>             err->code, err->domain, err->message);
> +    if (err->code == VIR_ERR_AUTH_FAILED)
> +      error (g, _("Possible fix: 'polkit-auth --user <username> --grant org.libvirt.unix.manage'"));

Hmm, libguestfs is using the qemu://session instance of libvirt, of which
one is launched per user. This should not require any authentication at
all, since it is only accessible to the current user. PolicyKit is only
relevant if connecting to the qemu:///system instance of libvirtd which
runs privileged and this is not something libguestfs would be using,
unless it was run as root. But if libguestfs ran as root, it would
already have permission to connect via policykit.

So I'm not really clear why you want this addition.

Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|



