Redirecting USB device to a virtual machine with virt-manager does not work

Romain Deterre

11/30/22, 8:05 PM

I have a Fedora workstation running an Ubuntu 16.04 virtual machine (KVM hypervisor). I'd like to redirect a USB device to the VM, but when selecting "Virtual Machine | Redirect USB device" from virt-manager, I get the following error:

spice-client-error-quark: Could not redirect <USB device name> at 1-4:
Error setting USB device node ACL: 'Not authorized' (0)

The error window has a "Details" section which just reads "USB redirection error".

Here is what I've tried so far, without success:

As suggested here, I created a /etc/udev/rules.d/50-spice.rules file with the following contents, then created a `spice` group and added my user to this group
```
SUBSYSTEM=="usb", GROUP="spice", MODE="0660"
SUBSYSTEM=="usb_device", GROUP="spice", MODE="0660"
```
Downgraded spice-gtk from the latest version of Fedora 33 (0.39-1) to 0.38-3.
Disabled selinux
sudo chmod 4755 /usr/libexec/spice-gtk-x86_64/spice-client-glib-usb-acl-helper
Upgraded to Fedora 34 which comes with spice-gtk 0.39-2

2539

1 + 0

usb

libvirt

kvm-virtualization

Score:2

Server

Romain Deterre

12/1/22, 4:00 PM

The solution for me was to create the /etc/udev/rules.d/50-spice.rules files, then to add <allow_any>yes</allow_any> under the <defaults> section in /usr/share/polkit-1/actions/org.spice-space.lowlevelusbaccess.policy. After modification, the file looks like this on my machine:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policyconfig PUBLIC
          "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
          "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
<policyconfig>

  <vendor>The Spice Project</vendor>
  <vendor_url>http://spice-space.org/</vendor_url>
  <icon_name>spice</icon_name>

  <action id="org.spice-space.lowlevelusbaccess">
    <description>Low level USB device access</description>
    <message>Privileges are required for low level USB device access (for usb device pass through).</message>
    <defaults>
      <allow_any>yes</allow_any>
      <allow_inactive>no</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
  </action>

</policyconfig>

0 + 0

Score:1

Server

simon

5/7/23, 6:13 PM

More correct should be: (depends on linux distribution):

file: /etc/polkit-default-privs/local or /etc/polkit-default-privs.local

add to the file the line (or generate the file/directory): org.spice-space.lowlevelusbaccess yes:no:yes

after this run: /sbin/set_polkit_default_privs

if opensuse then in addition:

in the file /etc/permissions.local add the line: /usr/bin/spice-client-glib-usb-acl-helper root:root 4755 after this run: chkstat --system --set

simoN

0 + 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Redirecting USB device to a virtual machine with virt-manager does not work

TH: การเปลี่ยนเส้นทางอุปกรณ์ USB ไปยังเครื่องเสมือนด้วย virt-manager ไม่ทำงาน

RO: Redirecționarea dispozitivului USB către o mașină virtuală cu virt-manager nu funcționează

RU: Перенаправление USB-устройства на виртуальную машину с помощью virt-manager не работает

VI: Chuyển hướng thiết bị USB sang máy ảo bằng trình quản lý tài năng không hoạt động

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.