[libvirt-users] [libvirt] New wiki pages with libvirt SSH setup instructions

Zdenek Styblik stybla at turnovfree.net
Thu Sep 23 10:08:25 UTC 2010


Good noon,

On 09/22/2010 02:25 PM, Justin Clift wrote:
> On 09/22/2010 07:33 PM, Zdenek Styblik wrote:
>> I was thinking about writing info for Slackware, because you've asked.
>> But I came to realize the page is written in such a general way, it's
>> simply applicable to other distributions without any big troubles which
>> should be worth writing up.
> 
> Hmmmm, how does Slackware do the access control for the libvirt
> management socket?
> 
> Any idea if it's using PolicyKit, or if it's using groups?
>

I've managed to create an ACL by groups and it's working. However, to my
surprise, there is a Slackware package for PolicyKit. Yet, I have never
used it nor tested it (I could though?).


> Asking because if it's using one of those two, then it's extremely
> easy to add a new "Slackware" head and point people to the right bit.
> 

Probably both or it depends on whether PolicyKit is installed or not.
(T.B.D.?) Group ACL works for sure.

> 
>> At least that's my opinion. Of course it
>> doesn't mean there can't be pitfalls in other distributions.
> 
> Yeah.  I'm kind of thinking that if we know how Slackware does it,
> we should probably mention it.
> 
> That'll help people using things like (ie) Google, when they do
> keyword searches for "+Libvirt +Slackware +access".  Without a mention
> of Slackware on the pages, search engines won't show it in the result
> list. :(
> 
> Plus... having more distributions on there helps to show off how
> cross-distribution libvirt is. :)
> 

Indeed :)

[...]
>> One thing though and that's access to virtual storage. Isn't there a
>> problem with group libvirt not having ACL to manipulate images as they
>> are created with root:root ownership? I'm aware of
>> <permissions>...</permissions>, but so far I haven't been successful in
>> making it work (= ownership stayed as root:root no matter what; version
>> 0.8.4).
> 
> Hmmm, interesting thought.  It's not an area I've looked at from the
> perspective of access by non-root users.
> 
> Yeah, I should investigate that to ensure there aren't any pitfalls there.
> 
> Good thinking Zdenek. :)
> 

First things first. I've messed up the version number - 0.8.3 (0.8.4 is
virt-manager, now at 0.8.5). So now, it's tested with libvirt-0.8.4 for
sure.

This works. Non-root user - VM management, creating images, VNC.

Now, here comes the part which is hard to describe.

qemu-kvm - running as libvirt - great!
libvirtd - running as root - bad?

I wanted to achieve something like that (= root-less qemu and libvirtd)
with 0.8.3, but it didn't work because libvirt/virt-manager claimed ACL
problem. I think it's time for re-test and eventual push into
"production" of mine :)

I'm not sure if this part made sense. Simply - it works as expected.

> Regards and best wishes,
> 
> Justin Clift

Have a nice day,
Zdenek

-- 
Zdenek Styblik
Net/Linux admin
OS TurnovFree.net
email: stybla at turnovfree.net
jabber: stybla at jabber.turnovfree.net



