5:22 a.m.
Hello,
after rebuild for F10 works well, just root password is not required when
started. I think this is a feature and I am happy, that I don't need always
click to run without privileges, but there is one problem.
Starting an domain starts my serial console owned by root and is not
accesssible from virt-manager (virt-viewer). After changing ownership it's
immediatelly available. Is it possible to change this in time of virtual
machine creation? (in libvirt or where?)
Another feature enhacement can be adding "Serial 0" tab automatically,
when there is no Console available for guest. Message "Console not
configured for guest" can be sometimes misinterpretated, because I can have
serial console for my guest. I prefer to use serial consoles, because they
do not need to install graphical environment on host. They have multiple
advantages, like access from another machine using serial or ipmi console,
viewing crash status, when host crashes, ...
And last possible enhancement: when pressing F10 key in guest's serial
console, is it possible to avoid opening of "File menu" and send this key to
serial 0, as it is done in VGA console?
Thank you.
SAL
11:45 a.m.
New subject: [ANNOUNCE] New release virt-manager 0.7.0
Jan ONDREJ (SAL) wrote:
Hello,
after rebuild for F10 works well, just root password is not required when
started. I think this is a feature and I am happy, that I don't need always
click to run without privileges, but there is one problem.
Starting an domain starts my serial console owned by root and is not
accesssible from virt-manager (virt-viewer). After changing ownership it's
immediatelly available. Is it possible to change this in time of virtual
machine creation? (in libvirt or where?)
Yes, this is one of the drawbacks of not running virt-manager as root:
since the qemu:///system libvirt connection will launch your guests as
root, a regular user won't be able to access ptys.
I don't know of a proper solution to it all, other then running the app
as root or changing the the pty permissions as you did.
Another feature enhacement can be adding "Serial 0" tab
automatically,
when there is no Console available for guest. Message "Console not
configured for guest" can be sometimes misinterpretated, because I can have
serial console for my guest.
I see what you mean. The wording could certainly be better, and It would
make sense to try to connect to the serial console if no graphics device
is attached. Thanks for the idea.
I prefer to use serial consoles, because they
do not need to install graphical environment on host. They have
multiple
advantages, like access from another machine using serial or ipmi console,
viewing crash status, when host crashes, ...
And last possible enhancement: when pressing F10 key in guest's serial
console, is it possible to avoid opening of "File menu" and send this key to
serial 0, as it is done in VGA console?
We would probably need some sort of keygrab process like we do for VNC
to get this right. Not sure if that's even an option for the VTE widget
though.
Thanks,
Cole
12:55 p.m.
New subject: [ANNOUNCE] New release virt-manager 0.7.0
Hello,
thank you for positive reply.
On Fri, Mar 13, 2009 at 12:45:56PM -0400, Cole Robinson wrote:
Jan ONDREJ (SAL) wrote:
> Starting an domain starts my serial console owned by root and is not
> accesssible from virt-manager (virt-viewer). After changing ownership it's
> immediatelly available. Is it possible to change this in time of virtual
> machine creation? (in libvirt or where?)
>
Yes, this is one of the drawbacks of not running virt-manager as root:
since the qemu:///system libvirt connection will launch your guests as
root, a regular user won't be able to access ptys.
I don't know of a proper solution to it all, other then running the app
as root or changing the the pty permissions as you did.
Is it known to libvirt, who is user which is starting virtual machine? Can
libvirt change ownership of this pty back to user? Root do not need to be
owner of this file to access it, he can access any file, but user needs.
Another solution can be to change permissions on pty to 660, leave group to
tty or change it to a value defined in libvirtd.conf.
Is it possible?
SAL
1:06 p.m.
New subject: [ANNOUNCE] New release virt-manager 0.7.0
Jan ONDREJ (SAL) wrote:
Hello,
thank you for positive reply.
On Fri, Mar 13, 2009 at 12:45:56PM -0400, Cole Robinson wrote:
> Jan ONDREJ (SAL) wrote:
>> Starting an domain starts my serial console owned by root and is not
>> accesssible from virt-manager (virt-viewer). After changing ownership it's
>> immediatelly available. Is it possible to change this in time of virtual
>> machine creation? (in libvirt or where?)
>>
> Yes, this is one of the drawbacks of not running virt-manager as root:
> since the qemu:///system libvirt connection will launch your guests as
> root, a regular user won't be able to access ptys.
>
> I don't know of a proper solution to it all, other then running the app
> as root or changing the the pty permissions as you did.
Is it known to libvirt, who is user which is starting virtual machine? Can
libvirt change ownership of this pty back to user? Root do not need to be
owner of this file to access it, he can access any file, but user needs.
I'm pretty sure libvirt doesn't know the actual user who is connecting
via PolicyKit: it all looks like root after the authentication.
Another solution can be to change permissions on pty to 660, leave
group to
tty or change it to a value defined in libvirtd.conf.
This doesn't sound unreasonable, you'd probably want to bring it up on
libvir-list or file a bug though.
Thanks,
Cole
4:14 a.m.
New subject: [ANNOUNCE] New release virt-manager 0.7.0
On Fri, Mar 13, 2009 at 12:45:56PM -0400, Cole Robinson wrote:
Jan ONDREJ (SAL) wrote:
> Hello,
>
> after rebuild for F10 works well, just root password is not required when
> started. I think this is a feature and I am happy, that I don't need always
> click to run without privileges, but there is one problem.
>
> Starting an domain starts my serial console owned by root and is not
> accesssible from virt-manager (virt-viewer). After changing ownership it's
> immediatelly available. Is it possible to change this in time of virtual
> machine creation? (in libvirt or where?)
>
Yes, this is one of the drawbacks of not running virt-manager as root:
since the qemu:///system libvirt connection will launch your guests as
root, a regular user won't be able to access ptys.
I don't know of a proper solution to it all, other then running the app
as root or changing the the pty permissions as you did.
It is not worth running root just to get access to the serial PTYs. If
we want to kep accessing PTYs directly, then perhaps make them use a TCP
socket on localhost, instead of a PTY. The real solution though is to
get the serial datastream tunneled over the VNC connection. I want this
to be a goal for F12 - most of the work for that will be in KVM /GTK-VNc
space, then it'll mostly 'just work' for virt-manager.
> And last possible enhancement: when pressing F10 key in
guest's serial
> console, is it possible to avoid opening of "File menu" and send this key
to
> serial 0, as it is done in VGA console?
>
We would probably need some sort of keygrab process like we do for VNC
to get this right. Not sure if that's even an option for the VTE widget
though.
You don't need to have it directly supported in VTE - virt-manager itself
can call the neccessary functions whenever the widget gets keyboard
focus. To get a full solution there's basically three things you need
todo, disable F10 accelerator, disable global accelerators, and disable
menu bar shortcuts. In C code I do:
/* This allows F10 activating menu bar */
g_object_set_property(G_OBJECT(settings), "gtk-menu-bar-accel",
&viewer->accelSetting);
/* This allows global accelerators like Ctrl+Q == Quit */
for (accels = viewer->accelList ; accels ; accels = accels->next) {
gtk_window_add_accel_group(GTK_WINDOW(viewer->window),
accels->data);
}
/* This allows menu bar shortcuts like Alt+F == File */
for (i = 0 ; i < LAST_MENU ; i++) {
GtkWidget *menu = glade_xml_get_widget(viewer->glade, menuNames[i]);
g_signal_handler_disconnect(GTK_OBJECT(menu),
viewer->accelMenuSig[i]);
}
you can probably figure out the python equivalents
Regards,
Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
5519
days inactive
5524
days old
4 comments
3 participants
participants (3)
-
Cole Robinson -
Daniel P. Berrange -
Ján ONDREJ (SAL)