Re: [Libguestfs] [PATCH] launch: show hint to resolve authentication failure from libvirt
On Wed, Oct 10, Daniel P. Berrange wrote:
On Wed, Oct 10, 2012 at 05:06:37PM +0200, Olaf Hering wrote:
> + if (err->code == VIR_ERR_AUTH_FAILED)
> + error (g, _("Possible fix: 'polkit-auth --user <username>
--grant org.libvirt.unix.manage'"));
Hmm, libguestfs is using the qemu://session instance of libvirt, of which
one is launched per user. This should not require any authentication at
all, since it is only accessible to the current user. PolicyKit is only
relevant if connecting to the qemu:///system instance of libvirtd which
runs privileged and this is not something libguestfs would be using,
unless it was run as root. But if libguestfs ran as root, it would
already have permission to connect via policykit.
You are right, yesterday I was trying alot to get this working as
non-root. The last version, before I came across polkit-auth, was
virt-inspector -c qemu+ssh://localhost -v -d 6326ad4e-5805-2ab4-1338-d1dad8c76162
which gives the "authentication failed" error.
But 'virsh list --all' returns an empty list, and every virt-* command
just returns "Domain not found:" on my sles11sp2 system, which is not
very helpful. Now I dont see a clean way how to catch that, other than
putting it into some README.
Are you saying that on Fedora or RHEL a user can launch libvirt domains
without doing polkit-auth first?
Olaf