[CentOS-virt] unable to get domain status from libvirt & KVM

Tom Georgoulias tomg at mcclatchyinteractive.com
Thu Mar 11 20:19:49 UTC 2010


On 03/11/2010 11:24 AM, Akemi Yagi wrote:

> Look into /etc/libvirt/libvirtd.conf and check out the section "UNIX
> socket access controls" and make appropriate adjustment.  [ I created
> group 'libvirt' , added myself to the group, and uncommented the line
> "unix_sock_group = "libvirt"".]  Then adjust also the permission bits
> of the directories and files in /var/run/libvirt to allow access to
> the group libvirt.

Here are the results of a test where I just made unix_sock_group the 
same group as an unprivileged test user:

libvirtd.conf changes:

unix_sock_group = "testu"
unix_sock_ro_perms = "0777"

[root at kvm ~]# service libvirtd restart
Stopping libvirtd daemon:                                  [  OK  ]
Starting libvirtd daemon:                                  [  OK  ]
[root at kvm ~]# ls -l /var/run/libvirt
total 16
srwx------ 1 root testu     0 Mar 11 15:03 libvirt-sock
srwxrwxrwx 1 root testu     0 Mar 11 15:03 libvirt-sock-ro
drwxr-xr-x 2 root root   4096 Mar  8 13:05 network
drwxr-xr-x 2 root root   4096 Mar 11 15:00 qemu

(no changes to qemu.  Should I expect some?)

> With some luck, you should be able to run the virsh command (for example):
>
> virsh -c qemu:///system list --all

As test user "testu":

[testu at kvm ~]$ virsh -c qemu:///system list --all
error: unable to connect to '/var/run/libvirt/libvirt-sock': Permission 
denied
error: failed to connect to the hypervisor
[testu at kvm ~]$ virsh -c qemu:///session list --all
15:04:05.167: error : No vport operation path found for host0
15:04:05.186: error : No vport operation path found for host4
15:04:05.192: error : No vport operation path found for host3
15:04:05.240: error : No vport operation path found for host1
15:04:05.240: error : No vport operation path found for host2
  Id Name                 State
----------------------------------

[testu at kvm ~]$

Doesn't seem like a socket access issue, the perms for the 
libvirt-sock-ro are wide open.


Tom


More information about the CentOS-virt mailing list