Accessing and Using Virt-Manager Without Root Credentials

This seems to be a common question on the Internet, so I thought I’d cross-post my solution in the forum:

With Fedora 20, virt-manager implements PolicyKit (I recommend reading the man page). If you want to allow a certain group of users access to virt-manager without providing root credentials, you can create a new rules file in /etc/polkit-1/rules.d and add a rule to permit users who are local, logged in, and in the group you specify (wheel in the example below) access to the virt-manager software.

sudo vim /etc/polkit-1/rules.d/80-libvirt.rules

And then write:

polkit.addRule(function(action, subject) {
  if ( == "org.libvirt.unix.manage" && subject.local && && subject.isInGroup("wheel")) { 
  return polkit.Result.YES; 

(That particular example syntax was taken from this fine site)

Save and close the file. The libvirtd daemon monitors the rules.d directory for changed content and automatically reloads the rules if changes are detected, so you don’t need to reload the process with systemctl. If you’ve done it right, you should see that you can now launch virt-manager as the user(s) in the group you specified.

Additionally, if you are switching from VirtualBox to KVM as the user is doing in the forum inquiry, bravo!  You won’t be disappointed.  VirtualBox is a type 2 hypervisor which runs as an application in the host operating system.  KVM is much closer to (if not genuinely) a type 1 hypervisor, which interacts directly with the hardware.  As a result, you see performance differences like these.

This entry was posted in Information Technology and tagged , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s