[Pkg-libvirt-maintainers] Bug#510235: libvirt-bin: virt-manager unable to connect to libvirtd as r/w (full VM management) on a local connection

Miguel Enrique Cobá Martínez miguel.coba at gmail.com
Tue Dec 30 18:22:04 UTC 2008 

Package: libvirt-bin
Version: 0.4.6-10
Severity: grave
Justification: renders package unusable

*** Please type your report below this line ***

After the upgrade of libvirt-bin from 0.4.6-9 to 0.4.6-10 virt-manager 
cannot connect to libvirtd using the r/w socket on a local connection.

The changelog date is:

-- Guido Günther <agx at sigxcpu.org>  Thu, 18 Dec 2008 16:59:45 +0100

With the previous version it had no problems. I have tested with my 
previous config and as a fresh install of libvirt-bin and kvm. Same error:

The error shown is:

Traceback (most recent call last):
   File "/usr/share/virt-manager/virtManager/engine.py", line 472, in 
run_domain
     vm.startup()
   File "/usr/share/virt-manager/virtManager/domain.py", line 379, in 
startup
     self.vm.create()
   File "/usr/lib/python2.5/site-packages/libvirt.py", line 262, in create
     if ret == -1: raise libvirtError ('virDomainCreate() failed', dom=self)
libvirtError: operation virDomainCreate forbidden for read only access

My libvirtd.conf is the default from package install, the only enabled 
options are (all the other are in their default state):

unix_sock_group = "libvirt"
unix_sock_rw_perms = "0770"
auth_unix_ro = "none"
auth_unix_rw = "none"

/etc/group:
libvirt:x:113:miguel

My groups:
miguel at laptop:~$ groups
miguel dialout cdrom floppy audio video plugdev netdev powerdev libvirt

I'm not using tls, tcp, sals or policykit. Just the normal socket 
connection with group authentication for normal users. The user I'm 
trying to connect with is part of the libvirt group.

How to reproduce:
Install kvm and virt-manager, with all its dependencies:

# aptitude install kvm virt-manager

Verify that the libvirtd daemon is running with the default config:

# ps ax| grep libvirtd

Add a normal user to the libvirtd group (miguel in this case):

# adduser miguel libvirtd

As the normal user run virt-manager (from command line or from menu):

# virt-manager

You can only see the VMs (R/O mode: monitoring VM status only). That is, 
you cannot start/stop/pause the VM (R/W mode: full VM management). In 
the previous version you could.

Now, as root, and using virsh you can start and stop the VM:

laptop:~# virsh start WindowsXP
Domain WindowsXP started

laptop:~# virsh shutdown WindowsXP
Domain WindowsXP is being shutdown

The VM start and stop correctly and I can view it and use it with 
virt-manager (in R/O mode)

But as normal user you can't start it:

miguel at laptop:~$ virsh start WindowsXP
Cannot set group when not running as root
libvir: QEMU error : Domain not found
libvir: QEMU error : Domain not found
error: failed to get domain 'WindowsXP'

Another thing I noticed, the previous version used to start the dnsmasq 
automatically (I had ENABLED=0 in /etc/default/dnsmasq). This versión 
doesn't start dnsmasq and therefore denies network capabilities to the VMs.

Workaround:

Kind of workaround. You can start the VM as root when you need them. 
Also you can mark them for autostart in Details|Hardware|Boot 
Options|Autostart VM.
But there will be no network unless you can start properly dnsmasq to 
handle it.


-- System Information:
Debian Release: 5.0
   APT prefers testing
   APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=es_MX.UTF-8, LC_CTYPE=es_MX.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libvirt-bin depends on:
ii  adduser                3.110             add and remove users and groups
ii  libavahi-client3       0.6.22-3          Avahi client library
ii  libavahi-common3       0.6.22-3          Avahi common library
ii  libc6                  2.7-16            GNU C Library: Shared libraries
ii  libdbus-1-3            1.2.1-4           simple interprocess 
messaging syst
ii  libgcrypt11            1.4.1-1           LGPL Crypto library - 
runtime libr
ii  libgnutls26            2.4.2-4           the GNU TLS library - 
runtime libr
ii  libgpg-error0          1.4-2             library for common error 
values an
ii  libpolkit-dbus2        0.8-2             library for accessing 
PolicyKit vi
ii  libpolkit2             0.8-2             library for accessing PolicyKit
ii  libreadline5           5.2-3             GNU readline and history 
libraries
ii  libsasl2-2             2.1.22.dfsg1-23   Cyrus SASL - authentication 
abstra
ii  libselinux1            2.0.65-5          SELinux shared libraries
ii  libtasn1-3             1.4-1             Manage ASN.1 structures 
(runtime)
ii  libvirt0               0.4.6-10          library for interfacing 
with diffe
ii  libxenstore3.0         3.2.1-2           Xenstore communications 
library fo
ii  libxml2                2.6.32.dfsg-5     GNOME XML library
ii  logrotate              3.7.1-5           Log rotation utility
ii  zlib1g                 1:1.2.3.3.dfsg-12 compression library - runtime

Versions of packages libvirt-bin recommends:
ii  bridge-utils                  1.4-5      Utilities for configuring 
the Linu
ii  dnsmasq                       2.45-1     A small caching DNS proxy 
and DHCP
ii  iptables                      1.4.1.1-3  administration tools for 
packet fi
ii  netcat-openbsd                1.89-3     TCP/IP swiss army knife
ii  qemu                          0.9.1-8    fast processor emulator

Versions of packages libvirt-bin suggests:
pn  policykit                     <none>     (no description available)

-- no debconf information

More information about the Pkg-libvirt-maintainers mailing list