-
Notifications
You must be signed in to change notification settings - Fork 498
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
qemu_use_session triggers polkit action to acquire access to qemu:///system #1808
Comments
Follow up on the virtual machine bring-up: it seems that
|
This is with libvirt-10 on openSUSE Leap 15.5 (with a fix for https://bugzilla.opensuse.org/show_bug.cgi?id=1219986 applied). Will soon try with libvirt-9. |
Detection of network connections via system is broken, but directly querying libvirt is working properly. Using the system connection with qemu_use_session is enabled will lead to polkit trying to acquire root privileges, which is unavailable in some setups. The client is nowadays capable of enumerating the network devices as unprivileged user. Fixes vagrant-libvirt#1808.
It should be possible to get read-only access to the system connection to read network information as a user. This sounds more like opensuse polkit is broken, as removing the opening of read-only system connection to read the network when session is used will simply break for all other distros. |
@electrofelix unfortunately not, polkit is working:
If the user is not a member of |
When setting
qemu_use_session = true
I get an error about polkit being unavailable (on a minimal headless machine) to acquire root privileges to accessqemu:///system
.Checking the driver it comes from this part of the code:
vagrant-libvirt/lib/vagrant-libvirt/driver.rb
Lines 200 to 206 in a94ce0d
In fact, switching the lines as per
makes the machine come up as an unprivileged user with networking working.
A Vagrantfile to reproduce the issue:
Full disclosure, afterwards vagrant kills the machine again due to this:
But I was able to connect to the VM via VNC and check the network.
The text was updated successfully, but these errors were encountered: