[virt-tools-list] permission denied for non-root virsh create

[Cole Robinson]

On 04/19/2011 01:27 AM, Shantanu Pavgi wrote:
> Hi,
> 
> I am getting some 'permission denied' issues with libvirt/qemu while trying to
> create new VMs as a non-root user. The username trying to create these new VMs
> is part of the 'kvm' unix group and the 'kvm' group has rw permissions in the
> libvirtd.conf as: 
> {{{
> unix_sock_group = "kvm"
> unix_sock_rw_perms = "0770"
> }}}
> 
> Following is the error I received: 
> {{{
> $ virsh create /tmp/clearos2.xml 
> 23:34:29.227: error : internal error Failed to add tap interface 'vnet%d' to
> bridge 'br0' : Permission denied
> libvir: QEMU error : internal error Failed to add tap interface 'vnet%d' to
> bridge 'br0' : Permission denied
> error: Failed to create domain from /tmp/clearos2.xml
> error: internal error Failed to add tap interface 'vnet%d' to bridge 'br0' :
> Permission denied
> }}}
> 

What's the output of 'virsh uri'? It's probably defaulting to qemu:///session,
which runs libvirtd as your regular user, which won't have perms to mess with br0.

Try 'virsh --connect qemu:///system create <xmlfile>'

- Cole

> I don't see any related logs in the libvirtd.log even at debug level.  Also, I
> have used OpenNebula cloud computing toolkit (http://opennebula.org/) with
> this KVM-libvirt install and it is able to create new VMs without root access.
> The OpenNebula uses libvirt API to interact with hypervisor so I am guessing
> libvirt configuration is fine. The OpenNebula user is part of the 'kvm' unix
> group as well and it does not have any other special privileges. 
> 
> Is this error coming from qemu or virt-tools/virsh?  Any pointers on how to
> debug this will be really helpful. 
> 
> System Info: CentOS 5.5 64-bit, KVM/kvm-qemu 83-164.el5, libvirt
> 0.6.3-33.el5_5.3. 
> 
> Thanks,
> Shantanu. 
> 
> 
> 
> _______________________________________________
> virt-tools-list mailing list
> virt-tools-list at redhat.com
> https://www.redhat.com/mailman/listinfo/virt-tools-list