Nate Pearlstein - npearl@xxxxxxx - Product Support Engineer
-----Original Message-----
From: Nate Pearlstein [npearl@xxxxxxx]
Sent: Saturday, January 16, 2016 03:13 PM Central Standard Time
To: Community support for Fedora users
Subject: Re: f23 mate policykit libvirt problem
Hi Cole,
Thanks for the response. I’m still seeing problems.
I start virt-manager and it prompts me for the root password.
My user is now a member of the libvirt group
[npearl@caprica ~]$ id
uid=10000(npearl) gid=1000(npearl) groups=1000(npearl),10(wheel),982(libvirt) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Jan 16 15:39:08 caprica polkitd[2464]: Operator of unix-session:1 FAILED to authenticate to gain authorization for action org.libvirt.unix.manage for unix-process:5732:28774 [/usr/bin/python2 -tt /usr/share/virt-manager/virt-manager] (owned by unix-user:npearl)
Jan 16 15:39:08 caprica libvirtd[3546]: libvirt version: 1.2.18.2, package: 1.fc23 (Fedora Project, 2015-12-24-00:55:42, buildhw-12.phx2.fedoraproject.org)
Jan 16 15:39:08 caprica libvirtd[3546]: authentication cancelled: user cancelled authentication process
Jan 16 15:39:08 caprica libvirtd[3546]: End of file while reading data: Input/output error
I’ve also tried playing around with various paramters in /etc/libvirt/libvirtd.conf and copied /usr/lib/systemd/system/libvirtd.socket to /etc/systemd/system/libvirtd.socket and changed the perms on the unix sockets to no avail.
Perhaps I need to open a bug.
> On Jan 16, 2016, at 10:31 AM, Cole Robinson <crobinso@xxxxxxxxxx> wrote:
>
> On 01/15/2016 07:44 PM, Nate Pearlstein wrote:
>> I’ve been trying to get policykit to automatically authorize virt-manager.
>>
>> This was working fine with fedora 21, but with fedora 23 it doesn’t seem to work. For both I’ve been using the mate desktop.
>>
>> With f21 I had the following in /etc/polkit-1/localauthority/50-local.d/caprica.libvirt.pkla
>>
>> [Allow user libvirt management permissions]
>> Identity=unix-user:user
>> Action="">
>> ResultAny=yes
>> ResultInactive=yes
>> ResultActive=yes
>>
>>
>
> That format hasn't worked for quite a while, due to a polkit change.
>
>> I tried the above with f23 and no luck. I’ve since tried
>>
>> /etc/polkit-1/rules.d/80-libvirt.rules
>>
>> polkit.addRule(function(action, subject) {
>> if (action.id == "org.libvirt.unix.manage" && subject.local && subject.active && subject.isInGroup("wheel")) {
>> return polkit.Result.YES;
>> }
>> });
>>
>
> At a glance that looks like it should work, but I didn't confirm the syntax.
> However on fedora 22+ the recommended way to do this is to add yourself to the
> 'libvirt' group:
>
>
http://blog.wikichoon.com/2016/01/polkit-password-less-access-for-libvirt.html
>
> - Cole
> --
> users mailing list
> users@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe or change subscription options:
> https://admin.fedoraproject.org/mailman/listinfo/users
> Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
> Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
> Have a question? Ask away: http://ask.fedoraproject.org
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
-- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
