Hello,
after rebuild for F10 works well, just root password is not required when started. I think this is a feature and I am happy, that I don't need always click to run without privileges, but there is one problem.
Starting a domain starts my serial console owned by root and is not accessible from virt-manager (virt-viewer). After changing ownership it's immediately available. Is it possible to change this in time of virtual machine creation? (in libvirt or where?)
Another feature enhancement can be adding "Serial 0" tab automatically, when there is no Console available for guest. Message "Console not configured for guest" can be sometimes misinterpreted, because I can have serial console for my guest. I prefer to use serial consoles, because they do not need to install graphical environment on host. They have multiple advantages, like access from another machine using serial or ipmi console, viewing crash status, when host crashes, ...
And last possible enhancement: when pressing F10 key in guest's serial console, is it possible to avoid opening of "File menu" and send this key to serial 0, as it is done in VGA console?
Thank you.
SAL
Jan ONDREJ (SAL) wrote:
> Hello,
> after rebuild for F10 works well, just root password is not required when started. I think this is a feature and I am happy, that I don't need always click to run without privileges, but there is one problem.
> Starting a domain starts my serial console owned by root and is not accessible from virt-manager (virt-viewer). After changing ownership it's immediately available. Is it possible to change this in time of virtual machine creation? (in libvirt or where?)

Yes, this is one of the drawbacks of not running virt-manager as root: since the qemu:///system libvirt connection will launch your guests as root, a regular user won't be able to access ptys.
I don't know of a proper solution to it all, other than running the app as root or changing the pty permissions as you did.

> Another feature enhancement can be adding "Serial 0" tab automatically, when there is no Console available for guest. Message "Console not configured for guest" can be sometimes misinterpreted, because I can have serial console for my guest.

I see what you mean. The wording could certainly be better, and it would make sense to try to connect to the serial console if no graphics device is attached. Thanks for the idea.

> I prefer to use serial consoles, because they do not need to install graphical environment on host. They have multiple advantages, like access from another machine using serial or ipmi console, viewing crash status, when host crashes, ...
> And last possible enhancement: when pressing F10 key in guest's serial console, is it possible to avoid opening of "File menu" and send this key to serial 0, as it is done in VGA console?

We would probably need some sort of keygrab process like we do for VNC to get this right. Not sure if that's even an option for the VTE widget though.
Thanks, Cole
Hello,
thank you for positive reply.
On Fri, Mar 13, 2009 at 12:45:56PM -0400, Cole Robinson wrote:
> Jan ONDREJ (SAL) wrote:
> > Starting a domain starts my serial console owned by root and is not accessible from virt-manager (virt-viewer). After changing ownership it's immediately available. Is it possible to change this in time of virtual machine creation? (in libvirt or where?)
> Yes, this is one of the drawbacks of not running virt-manager as root: since the qemu:///system libvirt connection will launch your guests as root, a regular user won't be able to access ptys.
> I don't know of a proper solution to it all, other than running the app as root or changing the pty permissions as you did.

Is it known to libvirt, who is user which is starting virtual machine? Can libvirt change ownership of this pty back to user? Root does not need to be owner of this file to access it, he can access any file, but user needs.
Another solution can be to change permissions on pty to 660, leave group to tty or change it to a value defined in libvirtd.conf.
Is it possible?
SAL
Jan ONDREJ (SAL) wrote:
> Hello,
> thank you for positive reply.
> On Fri, Mar 13, 2009 at 12:45:56PM -0400, Cole Robinson wrote:
> > Jan ONDREJ (SAL) wrote:
> > > Starting a domain starts my serial console owned by root and is not accessible from virt-manager (virt-viewer). After changing ownership it's immediately available. Is it possible to change this in time of virtual machine creation? (in libvirt or where?)
> > Yes, this is one of the drawbacks of not running virt-manager as root: since the qemu:///system libvirt connection will launch your guests as root, a regular user won't be able to access ptys.
> > I don't know of a proper solution to it all, other than running the app as root or changing the pty permissions as you did.
> Is it known to libvirt, who is user which is starting virtual machine? Can libvirt change ownership of this pty back to user? Root does not need to be owner of this file to access it, he can access any file, but user needs.

I'm pretty sure libvirt doesn't know the actual user who is connecting via PolicyKit: it all looks like root after the authentication.

> Another solution can be to change permissions on pty to 660, leave group to tty or change it to a value defined in libvirtd.conf.

This doesn't sound unreasonable, you'd probably want to bring it up on libvir-list or file a bug though.
Thanks, Cole
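Added example, not part of the thread and not libvirt or virt-manager code: a Python sketch of the permission arithmetic behind the "mode 660 plus a group" proposal in the messages above, showing why a root-owned pty shuts out the desktop user and what the group-based alternative grants. The uid/gid numbers, the sample modes and the helper names are assumptions made for illustration.

```python
import os
import stat
from collections import namedtuple

# Constructed sample data: the uid/gid numbers are assumptions, not values from the thread.
PtyStat = namedtuple("PtyStat", "st_mode st_uid st_gid")
TTY_GID, USER_UID = 5, 1000

SAMPLES = {
    "root-only 0600": PtyStat(stat.S_IFCHR | 0o600, 0, 0),
    "0620 root:tty": PtyStat(stat.S_IFCHR | 0o620, 0, TTY_GID),  # common devpts default
    "proposed 0660 root:tty": PtyStat(stat.S_IFCHR | 0o660, 0, TTY_GID),
    "world-writable 0666": PtyStat(stat.S_IFCHR | 0o666, 0, TTY_GID),
}

def can_open_rw(st, uid, gids):
    """POSIX rule: exactly one class (owner, then group, then other) is consulted."""
    if uid == 0:
        return True  # root bypasses the mode bits, so it never needs to own the pty
    if uid == st.st_uid:
        need = stat.S_IRUSR | stat.S_IWUSR
    elif st.st_gid in gids:
        need = stat.S_IRGRP | stat.S_IWGRP
    else:
        need = stat.S_IROTH | stat.S_IWOTH
    return (st.st_mode & need) == need

def audit(st, uid, gids):
    """Classify a console device for one unprivileged user."""
    if st.st_mode & (stat.S_IROTH | stat.S_IWOTH):
        return "too-open"  # every local account could read or type into the guest console
    return "ok" if can_open_rw(st, uid, gids) else "no-access"

def grant_group(fd, gid):
    """Apply the 0660 proposal to an open descriptor: owner unchanged, group set."""
    os.fchown(fd, -1, gid)
    os.fchmod(fd, 0o660)
    return stat.S_IMODE(os.fstat(fd).st_mode)

if __name__ == "__main__":
    for label, st in SAMPLES.items():
        print(f"{label:26} -> {audit(st, USER_UID, {USER_UID, TTY_GID})}")
```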
On Fri, Mar 13, 2009 at 12:45:56PM -0400, Cole Robinson wrote:
> Jan ONDREJ (SAL) wrote:
> > Hello,
> > after rebuild for F10 works well, just root password is not required when started. I think this is a feature and I am happy, that I don't need always click to run without privileges, but there is one problem.
> > Starting a domain starts my serial console owned by root and is not accessible from virt-manager (virt-viewer). After changing ownership it's immediately available. Is it possible to change this in time of virtual machine creation? (in libvirt or where?)
> Yes, this is one of the drawbacks of not running virt-manager as root: since the qemu:///system libvirt connection will launch your guests as root, a regular user won't be able to access ptys.
> I don't know of a proper solution to it all, other than running the app as root or changing the pty permissions as you did.

It is not worth running as root just to get access to the serial PTYs. If we want to keep accessing PTYs directly, then perhaps make them use a TCP socket on localhost, instead of a PTY. The real solution though is to get the serial datastream tunneled over the VNC connection. I want this to be a goal for F12 - most of the work for that will be in KVM/GTK-VNC space, then it'll mostly 'just work' for virt-manager.

> > And last possible enhancement: when pressing F10 key in guest's serial console, is it possible to avoid opening of "File menu" and send this key to serial 0, as it is done in VGA console?
> We would probably need some sort of keygrab process like we do for VNC to get this right. Not sure if that's even an option for the VTE widget though.

You don't need to have it directly supported in VTE - virt-manager itself can call the necessary functions whenever the widget gets keyboard focus. To get a full solution there's basically three things you need to do, disable F10 accelerator, disable global accelerators, and disable menu bar shortcuts. In C code I do:

    /* This allows F10 activating menu bar */
    g_object_set_property(G_OBJECT(settings), "gtk-menu-bar-accel", &viewer->accelSetting);

    /* This allows global accelerators like Ctrl+Q == Quit */
    for (accels = viewer->accelList ; accels ; accels = accels->next) {
        gtk_window_add_accel_group(GTK_WINDOW(viewer->window), accels->data);
    }

    /* This allows menu bar shortcuts like Alt+F == File */
    for (i = 0 ; i < LAST_MENU ; i++) {
        GtkWidget *menu = glade_xml_get_widget(viewer->glade, menuNames[i]);
        g_signal_handler_disconnect(GTK_OBJECT(menu), viewer->accelMenuSig[i]);
    }

you can probably figure out the python equivalents
Regards, Daniel