From 4df047cf76c369203419054742af8015cadeafa0 Mon Sep 17 00:00:00 2001 From: "Dustin C. Hatch" Date: Mon, 28 Jul 2025 18:18:35 -0500 Subject: [PATCH] r/vmhost: Disable DynamicUsers for vm-autostart _libvirt_ has gone full Polkit, which doesn't work with systemd dynamic users. So, we have to run `vm-autostart` as root (with no special OS-level privileges) in order for Polkit to authorize the connection to the daemon socket. --- roles/vmhost/files/vm-autostart.service | 2 -- 1 file changed, 2 deletions(-) diff --git a/roles/vmhost/files/vm-autostart.service b/roles/vmhost/files/vm-autostart.service index 1b832cf..1497cd1 100644 --- a/roles/vmhost/files/vm-autostart.service +++ b/roles/vmhost/files/vm-autostart.service @@ -12,8 +12,6 @@ Environment=LIBVIRT_DEFAULT_URI=qemu:///system ExecStart=/usr/local/libexec/vm-autostart.sh Restart=on-failure -DynamicUser=yes -SupplementaryGroups=libvirt CapabilityBoundingSet= DeviceAllow= DevicePolicy=closed