Hi all,

I want to use libvirtd and polkit to create simple access restrictions for incoming TLS connections.

libvirtd.conf:

> ...
> auth_tls = "sasl"
> access_drivers = [ "polkit" ]
> ...
> tls_no_verify_certificate = 1

SASL and TLS in combination is already working without any faults. After activating access_drivers, the setup breaks, because the access is denied.

Without polkit:

> [root@inexor-test ~]# virsh --connect qemu+tls://vm0.host.b3be.de/system
> Please enter your authentication name: inexor@vm0
> Please enter your password:
> Welcome to virsh, the virtualization interactive terminal.
> ...

With polkit:

> [root@inexor-test ~]# virsh --connect qemu+tls://vm0.host.b3be.de/system
> Please enter your authentication name: inexor@vm0
> Please enter your password:
> error: failed to connect to the hypervisor
> error: access denied

I deactivated any self-written polkit rules and was able to track down the problem to communication with libvirtd and polkit (via pkttyagent). For every incoming connection, libvirtd logs this:

> Jan 04 15:12:41 vm0 libvirtd[17075]: Unable to verify TLS peer: No certificate was found.
> Jan 04 15:12:41 vm0 libvirtd[17075]: Certificate check failed Unable to verify TLS peer: No certificate was found.
> Jan 04 15:12:45 vm0 libvirtd[17075]: internal error: No UNIX process ID available
> Jan 04 15:12:45 vm0 libvirtd[17075]: access denied
> Jan 04 15:12:45 vm0 libvirtd[17075]: access denied
> Jan 04 15:12:45 vm0 libvirtd[17075]: Cannot recv data: Input/output error
> Jan 04 15:12:47 vm0 libvirtd[17075]: Unable to verify TLS peer: No certificate was found.

Additionally, what I found: after every libvirtd restart, the unit polkit.service logs a Registered and directly afterwards an Unregistered Auth Agent.

> Jan 04 15:28:29 vm0 polkitd[2670]: Registered Authentication Agent for unix-process:17225:3691193 (system bus name :1.97 [/usr/bin/pkttyagent --notify-fd 4 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale C)
> Jan 04 15:28:30 vm0 polkitd[2670]: Unregistered Authentication Agent for unix-process:17225:3691193 (system bus name :1.97, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale C) (disconnected from bus)

(Correct! In the first second it registers and shortly afterwards it unregisters again.)

Could someone please provide me a hint how to make libvirtd and polkit talk to each other?

Sincerely,
Bene

polkit-version: 0.113
libvirt-version: 1.3.0
Running on Archlinux (init: systemd)

_______________________________________________
libvirt-users mailing list
libvirt-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvirt-users
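
A triage sketch for the libvirtd journal lines quoted in the message, added here as an example and not part of the original post or of libvirt. libvirt's polkit access control documentation says the driver identifies a client by its process ID, which is available only on the local UNIX socket, so the script separates denials that directly follow "No UNIX process ID available" from denials decided by a polkit rule. The cause labels and the two-second correlation window are assumptions of this example.

```python
import re
from datetime import datetime, timedelta

# Journal lines copied from the post above.
SAMPLE = """\
Jan 04 15:12:41 vm0 libvirtd[17075]: Unable to verify TLS peer: No certificate was found.
Jan 04 15:12:41 vm0 libvirtd[17075]: Certificate check failed Unable to verify TLS peer: No certificate was found.
Jan 04 15:12:45 vm0 libvirtd[17075]: internal error: No UNIX process ID available
Jan 04 15:12:45 vm0 libvirtd[17075]: access denied
Jan 04 15:12:45 vm0 libvirtd[17075]: access denied
Jan 04 15:12:45 vm0 libvirtd[17075]: Cannot recv data: Input/output error
Jan 04 15:12:47 vm0 libvirtd[17075]: Unable to verify TLS peer: No certificate was found.
""".splitlines()

LINE = re.compile(r"^(\w{3} \d{2} \d{2}:\d{2}:\d{2}) (\S+) libvirtd\[(\d+)\]: (.*)$")
NO_PID = "No UNIX process ID available"
WINDOW = timedelta(seconds=2)  # assumed correlation window, not a libvirt value


def triage(lines):
    """Return (timestamp, daemon_pid, cause) for every 'access denied' line."""
    findings = []
    last_no_pid = {}  # daemon pid -> time of its latest "no process ID" error
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue
        # Syslog-style stamps carry no year; a leap year is assumed so Feb 29 parses.
        ts = datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S")
        pid, msg = int(m.group(3)), m.group(4)
        if NO_PID in msg:
            last_no_pid[pid] = ts
        elif msg == "access denied":
            seen = last_no_pid.get(pid)
            # Hypothetical labels: the driver had no client identity to hand to
            # polkit, versus a denial that a polkit rule actually decided.
            near = seen is not None and ts - seen <= WINDOW
            findings.append((m.group(1), pid,
                             "no-client-identity" if near else "policy-decision"))
    return findings


if __name__ == "__main__":
    for stamp, pid, cause in triage(SAMPLE):
        print(stamp, pid, cause)
```

Both denials in the quoted log classify as `no-client-identity`, which points at the connection type rather than at any polkit rule.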