On Tue, Mar 10, 2015 at 02:32:04AM -0400, Laine Stump wrote: > Commit 4bbe1029f fixed a problem in commit f7afeddc by moving the call > to virNetDevGetIndex() to a location common to all interface types (so > that the niceindex array would be filled in for macvtap as well as tap > interfaces), but the location was *too* common, as the original call > to virNetDevGetIndex() had been in a section qualified by "if > (cfg->privileged)". The result was that the "fixed" libvirtd would try > to call virNetDevGetIndex() even for session mode libvirtd, and end up > failing with the log message: > > Unable to open control socket: Operation not permitted > > To remedy that, this patch qualifies the call to virNetDevGetIndex() > in its new location with cfg->privileged. > > This resolves https://bugzilla.redhat.com/show_bug.cgi?id=1198244 > --- > > If someone (Rich?) needs this pushed before I am awake, please feel > free to push it. (also push to the 1.2.13-maint branch if you do) > > src/qemu/qemu_command.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c > index 1510797..3d1483e 100644 > --- a/src/qemu/qemu_command.c > +++ b/src/qemu/qemu_command.c > @@ -7861,6 +7861,7 @@ qemuBuildInterfaceCommandLine(virCommandPtr cmd, > char **tapfdName = NULL; > char **vhostfdName = NULL; > int actualType = virDomainNetGetActualType(net); > + virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver); > virNetDevBandwidthPtr actualBandwidth; > size_t i; > > @@ -7936,7 +7937,7 @@ qemuBuildInterfaceCommandLine(virCommandPtr cmd, > /* network and bridge use a tap device, and direct uses a > * macvtap device > */ > - if (nicindexes && nnicindexes && net->ifname) { > + if (cfg->privileged && nicindexes && nnicindexes && net->ifname) { > if (virNetDevGetIndex(net->ifname, &nicindex) < 0 || > VIR_APPEND_ELEMENT(*nicindexes, *nnicindexes, nicindex) < 0) > goto cleanup; Just tested with this patch locally, using Rich's reproducer. Fixes the issue. Before applying this patch, tested with version libvirt-daemon-kvm-1.2.13-1.fc23.x86_64: $ whoami kashyapc $ guestfish -a /dev/null --network run libguestfs: error: could not create appliance through libvirt. . . . Original error from libvirt: Unable to open control socket: Operation not permitted [code=38 domain=0] After applying this patch (applied on current git): $ git describe v1.2.13-100-gb7d027b $ guestfish -a /dev/null --network run $ echo $? 0 So, FWIW: Tested-By: Kashyap Chamarthy <kchamart@xxxxxxxxxx> -- /kashyap -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list