Package: libvirt-daemon-system Version: 1.2.9-2 Severity: normal
Hi. I just saw that https://bugzilla.redhat.com/show_bug.cgi?id=947020 was fixed this summer and that virt-manager should be able to open VNC (not SPICE though) connections to running QEMU VMs again over UNIX sockets, when vnc_auto_unix_socket = 1 is set in /etc/libvirt/qemu.conf. Now unfortunately this doesn't work in Debian (at least not out of the box), and one get's a permission error on the socket: /var/lib/libvirt/qemu/someVMimage.vnc The reason is quite clear, while my user belongs to the group libvirt so that I can open /var/run/libvirt/libvirt-sock and /var/run/libvirt/libvirt-sock-ro in order to connect to libvirtd, it doesn't belong to libvirt-qemu, which is the owner of that socket someVMimage.vnc (and the parent dir). Now this is the actual issue here: Debian's libvirt packages create the following users: libvirt-qemu and groups: libvirt-qemu kvm As far as I can see, it's nowhere documented on how they're intended to be used, with the exception of the libvirt group, which is briefly explained in libvirtd.conf So following points: 1) Could you possibly explain/document, what the other users/groups are actually used for and for which purpose people my grant users membership to libvirt-qemu/kvm groups? 2) Is the kvm group still used? The only place I found it was /dev/kvm And most important here: 3) I see it's a good idea to have livirt and libvirt-qemu, at least if intended as the following: - libvirt to allow users group membership to connect to the dameon - libvirt-qmue to make it own stuff (e.g. images) where the normal user should have access to, even when belonging to libvirt But in that case, shouldn't the sockets for VNC and monitor, i.e. /var/lib/libvirt/qemu/someVMimage.vnc /var/lib/libvirt/qemu/someVMimage.monitor be owned by libvirt instead of libvirt-qemu. And of course they'd need to access the parent dir (which is libvirt-qemu owned) as well. Cheers, Chris. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
