[Libguestfs] [PATCH] launch: show hint to resolve authentication failure from libvirt
Daniel P. Berrange
berrange at redhat.com
Thu Oct 11 11:00:27 UTC 2012
On Thu, Oct 11, 2012 at 12:57:12PM +0200, Olaf Hering wrote:
> On Wed, Oct 10, Daniel P. Berrange wrote:
>
> > It depends on what instance of libvirtd you are connecting to.
> >
> > - The system instance, runs as root and requirs non-root users
> > to auth with policykit
> >
> > - The session instance, runs as the same user id as the client
> > app and does not require auth.
> >
> > Since libguestfs passes NULL for the URI, it will be connecting
> > to the session instance if libguestfs is non-root and thus not
> > require any auth. If libguestfs is run as root it will connect
> > to the system instance which requires polkit auth, but root already
> > has that granted.
>
> Thanks for that summary.
>
> Today I tried it with a openSuSE 12.2 system, which is more uptodate
> than a sles11sp2.
> Running libguestfs-test-tool fails because root starts a kvm guest, while a
> user starts a qemu guest. I think once the os type is correct for type 'qemu'
> it will work.
Hmm, on Fedora non-root is able to use KVM just fine. If you have a
new enough libvirt, you should have a 'virt-host-validate' command.
Can you run that as both root and non-root and provide the output
for each case.
Also provide the 'virsh -c qemu:///session capabilities' output
when run as non-root
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
More information about the Libguestfs
mailing list