virsh rights voor normal users
Daniel P. Berrange
dan at berrange.com
Thu Oct 29 15:25:46 UTC 2020
On Thu, Oct 29, 2020 at 04:13:45PM +0100, Natxo Asenjo wrote:
> hi,
> using the cockpit web ui and with these instructions:
>
> https://libvirt.org/dbus.html#usage
>
> we allow successfully that a group of users can access the console of the
> system vms in different kvm hosts.
>
> Oddly enough, in the same cockpit web interface I can use a terminal, and
> if I run virsh list --all I get an empty listing.
>
> So using cockpit I can manage the system vms, but I cannot use virsh.
>
> This is in a rhel 7.8 system. The host is joined to an Idm realm, and this
> realm has a trust to an AD forest. The users are AD users mapped to an
> external Idm group.
>
> Any ideas as to what we do wrong?
There are two distinct instances of libvirt - system mode and session
mode. I suspect cockpit is using a different instance than your
virsh command
https://libvirt.org/drvqemu.html#securitydriver
virsh defaults to "session" mode if running non-root, "system" mode
if running as root. You can use "-c URI" to override the default if
running non-root.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
More information about the libvirt-users
mailing list