So on a different system upgraded from f22 and not f21 the directions work so there must
be some cruft hiding on the one upgraded from f21. I'll have to dig into the
differences.
Nate Pearlstein - npearl(a)sgi.com - Product Support Engineer
-----Original Message-----
From: Nate Pearlstein [npearl@sgi.com<mailto:npearl@sgi.com>]
Sent: Saturday, January 16, 2016 03:13 PM Central Standard Time
To: Community support for Fedora users
Subject: Re: f23 mate policykit libvirt problem
Hi Cole,
Thanks for the response. I’m still seeing problems.
I start virt-manager and it prompts me for the root password.
My user is now a member of the libvirt group
[npearl@caprica ~]$ id
uid=10000(npearl) gid=1000(npearl) groups=1000(npearl),10(wheel),982(libvirt)
context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Jan 16 15:39:08 caprica polkitd[2464]: Operator of unix-session:1 FAILED to authenticate
to gain authorization for action org.libvirt.unix.manage for unix-process:5732:28774
[/usr/bin/python2 -tt /usr/share/virt-manager/virt-manager] (owned by unix-user:npearl)
Jan 16 15:39:08 caprica libvirtd[3546]: libvirt version: 1.2.18.2, package: 1.fc23 (Fedora
Project, 2015-12-24-00:55:42,
buildhw-12.phx2.fedoraproject.org)
Jan 16 15:39:08 caprica libvirtd[3546]: authentication cancelled: user cancelled
authentication process
Jan 16 15:39:08 caprica libvirtd[3546]: End of file while reading data: Input/output
error
I’ve also tried playing around with various paramters in /etc/libvirt/libvirtd.conf and
copied /usr/lib/systemd/system/libvirtd.socket to /etc/systemd/system/libvirtd.socket and
changed the perms on the unix sockets to no avail.
Perhaps I need to open a bug.
On Jan 16, 2016, at 10:31 AM, Cole Robinson
<crobinso(a)redhat.com> wrote:
On 01/15/2016 07:44 PM, Nate Pearlstein wrote:
> I’ve been trying to get policykit to automatically authorize virt-manager.
>
> This was working fine with fedora 21, but with fedora 23 it doesn’t seem to work.
For both I’ve been using the mate desktop.
>
> With f21 I had the following in
/etc/polkit-1/localauthority/50-local.d/caprica.libvirt.pkla
>
> [Allow user libvirt management permissions]
> Identity=unix-user:user
> Action=org.libvirt.unix.manage
> ResultAny=yes
> ResultInactive=yes
> ResultActive=yes
>
>
That format hasn't worked for quite a while, due to a polkit change.
> I tried the above with f23 and no luck. I’ve since tried
>
> /etc/polkit-1/rules.d/80-libvirt.rules
>
> polkit.addRule(function(action, subject) {
> if (action.id == "org.libvirt.unix.manage" && subject.local
&& subject.active && subject.isInGroup("wheel")) {
> return polkit.Result.YES;
> }
> });
>
At a glance that looks like it should work, but I didn't confirm the syntax.
However on fedora 22+ the recommended way to do this is to add yourself to the
'libvirt' group:
http://blog.wikichoon.com/2016/01/polkit-password-less-access-for-libvirt...
- Cole
--
users mailing list
users(a)lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct:
http://fedoraproject.org/code-of-conduct
Guidelines:
http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away:
http://ask.fedoraproject.org
--
users mailing list
users(a)lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct:
http://fedoraproject.org/code-of-conduct
Guidelines:
http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away:
http://ask.fedoraproject.org