severity 764849 wishlist thanks On Sat, Oct 11, 2014 at 05:37:10PM +0200, Christoph Anton Mitterer wrote: > Package: libvirt-daemon-system > Version: 1.2.9-2 > Severity: normal > > > Hi. > > I just saw that https://bugzilla.redhat.com/show_bug.cgi?id=947020 was > fixed this summer and that virt-manager should be able to open > VNC (not SPICE though) connections to running QEMU VMs again over > UNIX sockets, when > vnc_auto_unix_socket = 1 > is set in /etc/libvirt/qemu.conf. > > Now unfortunately this doesn't work in Debian (at least not out of the > box), and one get's a permission error on the socket: > /var/lib/libvirt/qemu/someVMimage.vnc > > > The reason is quite clear, while my user belongs to the group libvirt > so that I can open /var/run/libvirt/libvirt-sock and > /var/run/libvirt/libvirt-sock-ro in order to connect to libvirtd, it > doesn't belong to libvirt-qemu, which is the owner of that socket > someVMimage.vnc (and the parent dir). > > > > Now this is the actual issue here: > Debian's libvirt packages create the following users: > libvirt-qemu > and groups: > libvirt-qemu > kvm > > As far as I can see, it's nowhere documented on how they're intended > to be used, with the exception of the libvirt group, which is briefly > explained in libvirtd.conf > > > > > So following points: > > 1) Could you possibly explain/document, what the other users/groups > are actually used for and for which purpose people my grant users > membership to libvirt-qemu/kvm groups? > > > 2) Is the kvm group still used? > The only place I found it was /dev/kvm > > > And most important here: > > > 3) I see it's a good idea to have livirt and libvirt-qemu, at least if > intended as the following: > - libvirt to allow users group membership to connect to the dameon > - libvirt-qmue to make it own stuff (e.g. images) where the normal user > should have access to, even when belonging to libvirt > > But in that case, shouldn't the sockets for VNC and monitor, i.e. > /var/lib/libvirt/qemu/someVMimage.vnc > /var/lib/libvirt/qemu/someVMimage.monitor > be owned by libvirt instead of libvirt-qemu. > And of course they'd need to access the parent dir (which is > libvirt-qemu owned) as well.
Libvirt is for connections to the libvirt daemon. Libvirt-qemu is the uid/gid qemu runs with. If you want to connect so socket created by qemu itself you need libvirt-qemu too. -- Guido -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
