[libvirt-users] File permissions on VNC unix sockets

Landon Gilbert-Bland lgbland at corp.xmission.com
Thu Aug 7 18:42:44 UTC 2014


I am using kvm libvirt/qemu, and am trying to get VNC working with unix
sockets. I'm using the following in my XML:

<graphics type='vnc' socket='/tmp/kvmtest'/>

This works, it creates the unix socket and I can use it for VNC. But it
creates the socket with 755 permissions, and owned by libvirt-qemu:kvm.
Ideally, I would like it to be 770 root:libvirtd, but could also work
with 775 libvirt-qemu:kvm.

Basically, I would like the group to be read/write/execute, so that
anyone in this group can use virt-manager (or whatever) to get into the
vm with vnc. I haven't found a way to change this in the settins. It
doesn't seem to be honoring the unix socket settings in
/etc/libvirt/libvirdd.conf (it looks like those are only for
libvirt-sock and libvirt-sock-ro), and I haven't been able to find any
documentation about changing these permissions in the XML.

I can manually chmod/chown the socket after it is created (manually or
with a cron), but that is far from an ideal solution. I don't suppose
anyone has run across a configuration option for this that I have missed?

I have only tested this in ubuntu 14.04.1 and debian testing, for what
it's worth.

Thanks,
--landon




More information about the libvirt-users mailing list