Libvirt polkit rule doesn't work?

I created a polkit rule to allow all users in the libvirt group to execute org.libvirt.unix.manage. The KDE password prompt shows the exact polkit action (another area of empowering UI :wink:)

So I added this rule

cat /etc/polkit-1/rules.s/org.libvirt.unix.manage.rules
polkit.addRule(function(action, subject) {
    if (action.id == "org.libvirt.unix.manage" &&
        subject.isInGroup("libvirt")) {
        return polkit.Result.YES;
    }
});

Added my user to the group

sudo -i

groupadd libvirt
usermod -aG libvirt user

But I get this??

groups
user user user user

And no matter how often I repeat, my user doesn't seem to get added to that group, whereas flatpak and plugdev do.

Did you logout and login again after usermod command?

1 Like

I always run that command as usermod -a -G libvirt user (note that the options are separated)

You can also check very easily if the user is added to the group by running grep user /etc/group to see exactly which groups that user is a member of.

$ groups
ME wheel cdrom dialout audio vboxusers boinc libvirt pipewire
$ grep ME /etc/group
wheel:x:10:ME
cdrom:x:11:ME
dialout:x:18:ME
audio:x:63:ME
pipewire:x:992:ME
libvirt:x:985:ME
ME:x:1000:
boinc:x:975:ME
vboxusers:x:970:ME

As noted, adding a user to a group does not take effect until that user logs out and back in. Opening a new terminal does not count in this respect.

2 Likes
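
An added example, not part of the thread: a shell helper that makes the two checks discussed above explicit, namely whether the user is listed for the group in a group(5)-format file and whether the current login session has picked the group up. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread); function names are hypothetical.

# Print the groups in FILE (group(5) format) that list USER in the member
# field. Exact match per member, so "user" does not match "vboxusers".
# The primary group is not listed here; it comes from /etc/passwd.
groups_in_file() {  # usage: groups_in_file USER FILE
    awk -F: -v u="$1" '{
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] == u) { print $1; break }
    }' "$2"
}

# Print one of: group-missing, not-member, pending-relogin, active.
membership_state() {  # usage: membership_state USER GROUP FILE "SESSION GROUPS"
    user=$1 group=$2 file=$3 session=$4
    if ! awk -F: -v g="$group" '$1 == g { ok = 1 } END { exit !ok }' "$file"; then
        echo group-missing; return 0
    fi
    if ! groups_in_file "$user" "$file" | grep -qxF -- "$group"; then
        echo not-member; return 0
    fi
    case " $session " in
        *" $group "*) echo active ;;            # session already has the group
        *) echo pending-relogin ;;              # in the file, not in this login
    esac
}

# Constructed sample data, not taken from a real system.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
wheel:x:10:ME,user
plugdev:x:1002:user
vboxusers:x:970:ME
libvirt:x:985:ME
EOF

membership_state user libvirt "$SAMPLE" "user wheel plugdev"
membership_state ME libvirt "$SAMPLE" "ME wheel"
membership_state user kvm "$SAMPLE" "user"
# On a live system: membership_state "$USER" libvirt /etc/group "$(id -Gn)"
```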

I always run it as gpasswd -a user libvirt; it doesn’t have a chance to wipe all the user’s groups in case of an accidental missing option.

3 Likes
>> sudo groupadd libvirt
# group already exists

>> sudo usermod -aG libvirt user
>> sudo usermod -a -G libvirt user
>> sudo usermod -aG libvirt $USER

# reboot

>> id
uid=1001(user) gid=1001(user) Gruppen=1001(user),10(wheel),1000(admin),1002(plugdev) Kontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

>> groups
user wheel admin plugdev
>> gpasswd -a user libvirt
gpasswd: Group »libvirt« does not exist in /etc/group.