[libvirt] problem to connect to libvirtd as ordinary user

Sebastian Reitenbach sebastia at l00-bugdead-prods.de
Wed Apr 15 13:13:03 UTC 2009 

Hi,

I'm trying to setup an eucalyptus cloud managing my virtual xen nodes.

I'm on SLES11, x86_64. I compiled libvirt-0.6.2 with the following configure 
parameters:
./configure --prefix=/usr --without-storage-iscsi --without-remote --without-sasl --without-openvz --without-storage-disk


below the parameters I've set in the /etc/libvirt/libvirt.conf file:
listen_tls = 0
listen_tcp = 1
unix_sock_group = "libvirt"
unix_sock_ro_perms = "0777"
unix_sock_rw_perms = "0777"
unix_sock_dir = "/var/run/libvirt"
auth_unix_ro = "none"
auth_unix_rw = "none"
auth_tcp = "none"
auth_tls = "none"
log_level = 1
log_outputs="0:stderr"

as root, I can run "virsh list" or "virsh -c xen+unix:/// list"
and it just works, however, I cannot do this as user eucalyptus.
The user eucalyptus is a member of the libvirt group.
# id eucalyptus
uid=1000(eucalyptus) gid=1000(eucalyptus) groups=1000(eucalyptus),0(root),16
(dialout),17(audio),33(video),100(users),1001(libvirt)

I ran virsh through strace, to see what happens:

strace virsh.bin -c xen+unix:/// list
...
open("/proc/xen/privcmd", O_RDWR)       = -1 EACCES (Permission denied)
...

Shouldn't the permissions of /proc/xen/privcmd be OK due to the libvirt.conf 
file?
However, I changed them, and now the strace output looks like this:

chmod 777 /proc/xen/privcmd
strace virsh.bin -c xen+unix:/// list
...
open("/proc/xen/privcmd", O_RDWR)       = 3
ioctl(3, SNDCTL_DSP_RESET, 0x7fff4721a0f0) = 196611
mlock(0x7fff4721a070, 72)               = 0
mlock(0x7fff47219f00, 136)              = 0
ioctl(3, SNDCTL_DSP_RESET, 0x7fff47219d80) = -1 EACCES (Permission denied)
munlock(0x7fff47219f00, 136)            = 0
munlock(0x7fff4721a070, 72)             = 0
mlock(0x7fff4721a070, 72)               = 0
mlock(0x7fff47219f00, 136)              = 0
ioctl(3, SNDCTL_DSP_RESET, 0x7fff47219d80) = -1 EACCES (Permission denied)
munlock(0x7fff47219f00, 136)            = 0
munlock(0x7fff4721a070, 72)             = 0
mlock(0x7fff4721a070, 72)               = 0
mlock(0x7fff47219f00, 136)              = 0
ioctl(3, SNDCTL_DSP_RESET, 0x7fff47219d80) = -1 EACCES (Permission denied)
munlock(0x7fff47219f00, 136)            = 0
munlock(0x7fff4721a070, 72)             = 0
mlock(0x7fff4721a070, 72)               = 0
mlock(0x7fff47219f00, 136)              = 0
ioctl(3, SNDCTL_DSP_RESET, 0x7fff47219d80) = 0
munlock(0x7fff47219f00, 136)            = 0
munlock(0x7fff4721a070, 72)             = 0
mlock(0x7fff47219e00, 136)              = 0
ioctl(3, SNDCTL_DSP_RESET, 0x7fff47219d80) = 0
munlock(0x7fff47219e00, 136)            = 0
close(3)                                = 0
...

actually, there is no sound card at all, I wonder what the SNDCTL_DSP_RESET is 
doing there. After the close(3), the virsh is only looking for language to 
generate the error message: error: failed to connect to the hypervisor

Those xen versions are installed:
xen-doc-pdf-3.3.1_18546_12-3.1
xen-doc-html-3.3.1_18546_12-3.1
xen-3.3.1_18546_12-3.1
xen-libs-3.3.1_18546_12-3.1
xen-tools-3.3.1_18546_12-3.1
xen-kmp-default-3.3.1_18546_12_2.6.27.19_5-3.1
kernel-xen-base-2.6.27.19-5.1
kernel-xen-2.6.27.19-5.1
xen-devel-3.3.1_18546_12-3.1

any idea what is wrong here?

kind regards
sebastian

More information about the libvir-list mailing list