Accessing and Using Virt-Manager Without Root Credentials

This seems to be a common question on the Internet, so I thought I’d cross-post my solution in the ask.fedoraproject.org forum:

With Fedora 20, virt-manager implements PolicyKit (I recommend reading the man page). If you want to allow a certain group of users access to virt-manager without providing root credentials, you can create a new rules file in /etc/polkit-1/rules.d and add a rule to permit users who are local, logged in, and in the group you specify (wheel in the example below) access to the virt-manager software.

sudo vim /etc/polkit-1/rules.d/80-libvirt.rules

And then write:

polkit.addRule(function(action, subject) {
  if (action.id == "org.libvirt.unix.manage" && subject.local && subject.active && subject.isInGroup("wheel")) { 
  return polkit.Result.YES; 
  } 
});

(That particular example syntax was taken from this fine site)

Save and close the file. The libvirtd daemon monitors the rules.d directory for changed content and automatically reloads the rules if changes are detected, so you don’t need to reload the process with systemctl. If you’ve done it right, you should see that you can now launch virt-manager as the user(s) in the group you specified.

Additionally, if you are switching from VirtualBox to KVM as the user is doing in the ask.fedoraproject.org forum inquiry, bravo!  You won’t be disappointed.  VirtualBox is a type 2 hypervisor which runs as an application in the host operating system.  KVM is much closer to (if not genuinely) a type 1 hypervisor, which interacts directly with the hardware.  As a result, you see performance differences like these.

Advertisements
This entry was posted in Information Technology and tagged , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s