Re: [Libguestfs] [PATCH] launch: show hint to resolve authentication failure from libvirt
On Thu, Oct 11, 2012 at 12:57:12PM +0200, Olaf Hering wrote:
On Wed, Oct 10, Daniel P. Berrange wrote:
> It depends on what instance of libvirtd you are connecting to.
>
> - The system instance, runs as root and requirs non-root users
> to auth with policykit
>
> - The session instance, runs as the same user id as the client
> app and does not require auth.
>
> Since libguestfs passes NULL for the URI, it will be connecting
> to the session instance if libguestfs is non-root and thus not
> require any auth. If libguestfs is run as root it will connect
> to the system instance which requires polkit auth, but root already
> has that granted.
Thanks for that summary.
Today I tried it with a openSuSE 12.2 system, which is more uptodate
than a sles11sp2.
Running libguestfs-test-tool fails because root starts a kvm guest, while a
user starts a qemu guest. I think once the os type is correct for type 'qemu'
it will work.
Hmm, on Fedora non-root is able to use KVM just fine. If you have a
new enough libvirt, you should have a 'virt-host-validate' command.
Can you run that as both root and non-root and provide the output
for each case.
Also provide the 'virsh -c qemu:///session capabilities' output
when run as non-root
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|