From: Cole Robinson <crobinso@redhat.com>
To: arnaud gaboury <arnaud.gaboury@gmail.com>, kvm@vger.kernel.org
Subject: Re: virt-install: failed to initialize KVM: Permission denied
Date: Wed, 20 Aug 2014 11:31:32 -0400 [thread overview]
Message-ID: <53F4BF54.5090604@redhat.com> (raw)
In-Reply-To: <CAK1hC9saU0kknTONHvyzeEWABRncf0gbXQwaQU=OL9yvgey==Q@mail.gmail.com>
On 08/19/2014 02:38 PM, arnaud gaboury wrote:
> $ uname -r
> 3.16.1-1-ARCH
> ---------------------
>
> As a regular user, member of the libvirt group, I run this command to
> create a basic VM:
>
> virt-install --connect qemu:///system --name=test --ram 2048 --cpu
> host-model-only --os-variant=win7 --disk /myVM/test --boot cdrom,hd
> --virt-type kvm --graphics spice --controller scsi,model=virtio-scsi
> --cdrom=/drawer/myIso/w8.iso
>
> It returns an error :
> ------------------------------
> ---
> Starting install...
> ERROR internal error: process exited while connecting to monitor:
> Could not access KVM kernel module: Permission denied
> failed to initialize KVM: Permission denied
> ---------------------------------
>
> $ getfacl /dev/kvm
>
> # file: dev/kvm
> # owner: root
> # group: kvm
> user::rw-
> user:martinus:rw-
> group::rw-
> mask::rw-
> other::---
>
> The command return seems to indicate rights are correct.
> $ lsmod return kvm & kvm_intel are loaded.
>
> If I run the virt-install with qemu:///session, I do not have this
> issue and can create the VM.
>
> I found many entries about the KVM permission issue, but with no clear
> answer to solve it.
>
When connecting to qemu:///system, libvirt does not run VMs as your regular
user. What user libvirtd uses though is dependent on how it's configured. On
Fedora, qemu VMs are run as the 'qemu' user. If that's how it's configured on
your distro, the above permissions would block use of /dev/kvm. Here's how
permissions look on Fedora 20 for me:
$ ls -l /dev/kvm
crw-rw-rw-+ 1 root kvm 10, 232 Aug 8 09:51 /dev/kvm
$ getfacl /dev/kvm
getfacl: Removing leading '/' from absolute path names
# file: dev/kvm
# owner: root
# group: kvm
user::rw-
user:crobinso:rw-
group::rw-
mask::rw-
other::rw-
Those permissive permissions are set by a udev rule installed by qemu-system-x86:
$ cat /lib/udev/rules.d/80-kvm.rules
KERNEL=="kvm", GROUP="kvm", MODE="0666"
So perhaps your distro should do the same.
- Cole
next prev parent reply other threads:[~2014-08-20 15:31 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-08-19 18:38 virt-install: failed to initialize KVM: Permission denied arnaud gaboury
2014-08-20 15:31 ` Cole Robinson [this message]
2014-08-20 15:50 ` arnaud gaboury
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=53F4BF54.5090604@redhat.com \
--to=crobinso@redhat.com \
--cc=arnaud.gaboury@gmail.com \
--cc=kvm@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.