Error connecting to graphical console

[GentleHoneyLover]

Thanks for the container! The idea is brilliant!

I have an issue, though. Container starts and I can make the connection (to qemu:///session). I can see my VMs and can start and stop them. However, when I try to open any VM I get Error connecting to graphical console: Failed to recv file descriptor: Permission denied.

I'm running Ubuntu 20.04 on the host. I can successfully connect to all my VMs via a remote virtual-manager connection from another Ubuntu machine — so my QEMU/KVM config should be fine I guess.

What could I be missing here? Pleas point me to the right direction! Thanks in advance!

Here's my docker-compose:

  virt-manager:
    container_name: virt-manager
    image: docker.io/mber5/virt-manager
    restart: unless-stopped
    environment:
      - DARK_MODE=false
      - HOSTS="['qemu:///session']"
    ports:
      - 8185:80
    volumes:
      - /var/run/libvirt/libvirt-sock:/var/run/libvirt/libvirt-sock
      - /var/lib/libvirt/images:/var/lib/libvirt/images
    devices:
      - /dev/kvm:/dev/kvm

[m-bers]

I think this might be related to another issue https://github.com/m-bers/docker-virt-manager/issues/4

Basically on Ubuntu and other distros that use AppArmor policies, the docker user does not belong to the libvirt group so you need to add privileged: true to the compose file. This is also documented in the README.

[GentleHoneyLover]

Thanks! That worked. Not an ideal solution though... Have you come cross any other solutions/workarounds without employing the privileged mode?

Would simply adding docker user to libvirt group solve it?

[m-bers]

I tried just adding the docker user to the libvirt group and it didn't work for me, but YMMV. Docker does support custom AppArmor policies but I'm not well versed enough in AppArmor to attempt it: https://docs.docker.com/engine/security/apparmor/

The other thing you can try that should be reliable is just an ssh connection to the local libvirt session.