On 03/11/2010 11:24 AM, Akemi Yagi wrote:
Look into /etc/libvirt/libvirtd.conf and check out the section "UNIX socket access controls" and make appropriate adjustment. [ I created group 'libvirt' , added myself to the group, and uncommented the line "unix_sock_group = "libvirt"".] Then adjust also the permission bits of the directories and files in /var/run/libvirt to allow access to the group libvirt.
Here are the results of a test where I just made unix_sock_group the same group as an unprivileged test user:
libvirtd.conf changes:
unix_sock_group = "testu"
unix_sock_ro_perms = "0777"
[root@kvm ~]# service libvirtd restart
Stopping libvirtd daemon: [ OK ]
Starting libvirtd daemon: [ OK ]
[root@kvm ~]# ls -l /var/run/libvirt
total 16
srwx------ 1 root testu 0 Mar 11 15:03 libvirt-sock
srwxrwxrwx 1 root testu 0 Mar 11 15:03 libvirt-sock-ro
drwxr-xr-x 2 root root 4096 Mar 8 13:05 network
drwxr-xr-x 2 root root 4096 Mar 11 15:00 qemu
(no changes to qemu. Should I expect some?)
With some luck, you should be able to run the virsh command (for example):
virsh -c qemu:///system list --all
As test user "testu":
[testu@kvm ~]$ virsh -c qemu:///system list --all
error: unable to connect to '/var/run/libvirt/libvirt-sock': Permission denied
error: failed to connect to the hypervisor
[testu@kvm ~]$ virsh -c qemu:///session list --all
15:04:05.167: error : No vport operation path found for host0
15:04:05.186: error : No vport operation path found for host4
15:04:05.192: error : No vport operation path found for host3
15:04:05.240: error : No vport operation path found for host1
15:04:05.240: error : No vport operation path found for host2
Id Name State
----------------------------------
[testu@kvm ~]$
Doesn't seem like a socket access issue, the perms for the libvirt-sock-ro are wide open.
Tom
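Added example, not part of the original messages: a shell check that applies the rule that connect() on a UNIX socket needs write permission on the socket file to the two socket lines from the listing above, for user testu in group testu. The function names are made up for this illustration, and ACLs, SELinux and directory search permissions are not modelled.

```shell
#!/bin/sh
# Illustrative helpers (hypothetical names, not part of libvirt).

# can_connect MODE OWNER GROUP USER "GROUP1 GROUP2 ..."
# MODE is the mode string from `ls -l`, e.g. srwx------
# Exactly one permission class applies: owner, else group, else other.
can_connect() {
    mode=$1; owner=$2; group=$3; user=$4; ugroups=$5
    if [ "$user" = "root" ]; then
        return 0                       # root bypasses the mode bits
    fi
    if [ "$user" = "$owner" ]; then
        pos=3                          # owner write bit
    else
        pos=9                          # other write bit
        for g in $ugroups; do
            if [ "$g" = "$group" ]; then
                pos=6                  # group write bit
            fi
        done
    fi
    [ "$(printf '%s' "$mode" | cut -c"$pos")" = "w" ]
}

# audit_sockets USER "GROUPS"
# Reads `ls -l` lines on stdin and prints one verdict per socket entry.
audit_sockets() {
    while read -r mode links owner group size mon day tm name; do
        case $mode in s*) ;; *) continue ;; esac
        if can_connect "$mode" "$owner" "$group" "$1" "$2"; then
            echo "$name: allowed"
        else
            echo "$name: denied"
        fi
    done
}

# The two socket lines copied from the `ls -l /var/run/libvirt` output above
LISTING='srwx------ 1 root testu 0 Mar 11 15:03 libvirt-sock
srwxrwxrwx 1 root testu 0 Mar 11 15:03 libvirt-sock-ro'

printf '%s\n' "$LISTING" | audit_sockets testu "testu"
```

The mode of libvirt-sock is governed by unix_sock_rw_perms in libvirtd.conf, while unix_sock_ro_perms only affects libvirt-sock-ro.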