On 08/19/2014 02:38 PM, arnaud gaboury wrote:
> $ uname -r
> 3.16.1-1-ARCH
> ---------------------
> 
> As a regular user, member of the libvirt group, I run this command to
> create a basic VM:
> 
> virt-install --connect qemu:///system --name=test --ram 2048 --cpu
> host-model-only --os-variant=win7 --disk /myVM/test --boot cdrom,hd
> --virt-type kvm --graphics spice --controller scsi,model=virtio-scsi
> --cdrom=/drawer/myIso/w8.iso
> 
> It returns an error :
> ------------------------------
> ---
> Starting install...
> ERROR    internal error: process exited while connecting to monitor:
> Could not access KVM kernel module: Permission denied
> failed to initialize KVM: Permission denied
> ---------------------------------
> 
> $ getfacl /dev/kvm
> 
> # file: dev/kvm
> # owner: root
> # group: kvm
> user::rw-
> user:martinus:rw-
> group::rw-
> mask::rw-
> other::---
> 
> The command return seems to indicate rights are correct.
> $ lsmod return kvm & kvm_intel are loaded.
> 
> If I run the virt-install with qemu:///session, I do not have this
> issue and can create the VM.
> 
> I found many entries about the KVM permission issue, but with no clear
> answer to solve it.
> 

When connecting to qemu:///system, libvirt does not run VMs as your regular
user. What user libvirtd uses though is dependent on how it's configured. On
Fedora, qemu VMs are run as the 'qemu' user. If that's how it's configured on
your distro, the above permissions would block use of /dev/kvm. Here's how
permissions look on Fedora 20 for me:

$ ls -l /dev/kvm
crw-rw-rw-+ 1 root kvm 10, 232 Aug  8 09:51 /dev/kvm

$ getfacl /dev/kvm
getfacl: Removing leading '/' from absolute path names
# file: dev/kvm
# owner: root
# group: kvm
user::rw-
user:crobinso:rw-
group::rw-
mask::rw-
other::rw-

Those permissive permissions are set by a udev rule installed by 
qemu-system-x86:

$ cat /lib/udev/rules.d/80-kvm.rules
KERNEL=="kvm", GROUP="kvm", MODE="0666"

So perhaps your distro should do the same.

- Cole
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to