[libvirt-users] unable to creating/list storage pools using non-root user

mallapadi niranjan niranjan.ashok at gmail.com
Sat Jun 23 08:34:24 UTC 2012 

On Sat, Jun 23, 2012 at 7:29 AM, mallapadi niranjan <
niranjan.ashok at gmail.com> wrote:

>
>
> On Sat, Jun 23, 2012 at 3:04 AM, Trey Dockendorf <treydock at gmail.com>wrote:
>
>> On Fri, Jun 22, 2012 at 10:02 AM, mallapadi niranjan
>> <niranjan.ashok at gmail.com> wrote:
>> >
>> >
>> > On Fri, Jun 22, 2012 at 4:38 PM, mallapadi niranjan
>> > <niranjan.ashok at gmail.com> wrote:
>> >>
>> >>
>> >>
>> >> On Fri, Jun 22, 2012 at 12:56 PM, Trey Dockendorf <treydock at gmail.com>
>> >> wrote:
>> >>>
>> >>>
>> >>> On Jun 22, 2012 1:08 AM, "mallapadi niranjan" <
>> niranjan.ashok at gmail.com>
>> >>> wrote:
>> >>> >
>> >>> > Hi all
>> >>> >
>> >>> > I have a Fedora release 17 (Beefy Miracle) with libvirt versions:
>> >>> >
>> >>> > libvirt-0.9.11.3-1.fc17.x86_64
>> >>> > virt-manager-0.9.1-3.fc17.noarch
>> >>> >
>> >>> > I have allowed non-root user to user libvirt by allowing the user
>> >>> > through polkit
>> >>> >
>> >>> > cat /etc/polkit-1/localauthority/50-local.d/cat
>> >>> > 50-org.example-libvirt-remote-access.pkla
>> >>> >
>> >>> > [Remote libvirt SSH access]
>> >>> > Identity=unix-group:virt
>> >>> > Action=org.libvirt.unix.manage;org.libvirt.unix.monitor
>> >>> > ResultAny=yes
>> >>> > ResultInactive=yes
>> >>> > ResultActive=yes
>> >>> >
>> >>> > After doing the above i am able to connect to virt-manager as
>> non-root
>> >>> > user but unable to create storage pools.
>> >>> >
>> >>> > [juno at reserved ~]$ id
>> >>> > uid=1001(juno) gid=1001(juno) groups=1001(juno),1002(virt)
>> >>> > context=staff_u:staff_r:staff_t:s0
>> >>> > [juno at reserved ~]$ virsh
>> >>> > Welcome to virsh, the virtualization interactive terminal.
>> >>> >
>> >>> > Type:  'help' for help with commands
>> >>> >        'quit' to quit
>> >>> >
>> >>> > virsh # pool-list
>> >>> > error: Failed to reconnect to the hypervisor
>> >>> > error: no valid connection
>> >>> > error: Failed to connect socket to
>> '@/home/juno/.libvirt/libvirt-sock':
>> >>> > Connection refused
>> >>> >
>> >>> > virsh # list
>> >>> > error: Failed to reconnect to the hypervisor
>> >>> > error: no valid connection
>> >>> > error: Failed to connect socket to
>> '@/home/juno/.libvirt/libvirt-sock':
>> >>> > Connection refused
>> >>> >
>> >>> > I have defined pool called virt-images (/virt-images) which the
>> >>> > non-root (in this case the username is Juno)  user has the
>> read/write
>> >>> > permissions
>> >>> >
>> >>> > Also tried adding the permissions to unix socket in
>> >>> > /etc/libvirt/libvirtd.conf as below:
>> >>> >
>> >>> >  cat /etc/libvirt/libvirtd.conf  | grep -v ^$ | grep -v ^#
>> >>> > unix_sock_group = "virt"
>> >>> > unix_sock_ro_perms = "0777"
>> >>> > unix_sock_rw_perms = "0770"
>> >>> > unix_sock_dir = "/var/run/libvirt"
>> >>> >
>> >>> > But the unix socket are created in /var/run/libvirt and not in users
>> >>> > home directory, So how do we make a non-root user virsh commands
>> check the
>> >>> > socket created in /var/run/libvirt. It always checks for the socket
>> in
>> >>> > user's home directory ?
>> >>> >
>> >>> > Any pointers on above would be helpfu.
>> >>> >
>> >>> > Regards
>> >>> > Niranjan
>> >>> >
>> >>> >
>> >>> > _______________________________________________
>> >>> > libvirt-users mailing list
>> >>> > libvirt-users at redhat.com
>> >>> > https://www.redhat.com/mailman/listinfo/libvirt-users
>> >>>
>> >>> I believe I ran into this, try using this virsh command as the polkit
>> >>> authorized user
>> >>>
>> >>> virsh -c qemu:///system
>> >>>
>> >>> - Trey
>> >>
>> >> Yeah that worked.
>> >>
>> >> Thanks a lot trey
>> >
>> >
>> > Hi
>> >
>> >
>> > How do i make the below work ?
>> >
>> > [juno at reserved virt-img]$ virsh -c qemu:///session
>> >
>> > error: Failed to connect socket to '@/home/juno/.libvirt/libvirt-sock':
>> > Connection refused
>> > error: failed to connect to the hypervisor
>> >
>> >
>> > Regards
>> > Niranjan
>> >
>> > _______________________________________________
>> > libvirt-users mailing list
>> > libvirt-users at redhat.com
>> > https://www.redhat.com/mailman/listinfo/libvirt-users
>>
>> I'm not familiar with using "qemu:///session", to make an intial
>> connection I always do something like this...
>>
>> # Local connection
>> $ virsh -c qemu:///system
>>
>> # Remote
>> $ virsh -c ssh+qemu:///treydock@host.tld/system
>>
>> What are you trying to achieve with "session" ?
>>
>
> I would like to use virt-manager/virsh using non-root user ,
>  qemu:///system , connect as root user , I would like to create images and
> run them using non-root user .
>
>
>>
>> Also I noticed you mentioned using a path other than
>> /var/lib/libvirt/images for the pool, be sure the SELinux contexts are
>> correct.  Should be virt_image_t, you can set that for a special path
>> like so...
>>
>> $ semanage fcontext -a -t virt_image_t "/virt-img(/.*)?"
>> $ restorecon -R /virt-img
>>
>
> Yes, i have set the virt_image_t context set for /virt-img directory
>
>
>
>>
>> - Trey
>>
>
I apologize, I understood, whey qemu:///session would not work , I did not
read the documentation prior,

To run qemu:///session i.e , i have to have libvirtd instance running as
non-root user. This will have images stored in users home directory , But
will not be able to access host PCI devices if in case i decide to attach
them to my guest.

So i should be running qemu:///system and not session ,

Sourece: http://libvirt.org/drvqemu.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/libvirt-users/attachments/20120623/8f4eb4fe/attachment.htm>

More information about the libvirt-users mailing list