Permissions issues with qemu-system-x86_64

[xlash123]

When running the provided run command: sudo docker run --privileged -v /tmp/.X11-unix:/tmp/.X11-unix sickcodes/docker-osx, I get the following errors:

qemu-system-x86_64: warning: dbind: Couldn't connect to accessibility bus: Failed to connect to socket /tmp/dbus-r7nn5J3cVN: Connection refused
Could not access KVM kernel module: Permission denied
qemu-system-x86_64: failed to initialize kvm: Permission denied

I'm not sure what I did wrong. Even running the docker command with sudo doesn't do anything (not that I really expected it to).

The image I pulled is the one from Docker Hub of digest starting with 0eea6e25babb.

I'm running this with Docker CE version 19.03.11, build 42e35e61f3 on Ubuntu 18.04.

[sickcodes]

I've just checked the Docker Hub version and it works for me.

I added some KVM instructions to the readme.

Try the KVM section of the readme and you should be good to go.

[xlash123]

Ah, ok. I didn't know I needed to have that stuff installed as well on the host. I will test it out.

[ghost]

I'm also having the issue. It seems that arch isn't added to the kvm and libvirtd groups and doesn't have permission to use kvm.
EDIT: also /dev/kvm needs to be owned by the kvm group

[roryrjb]

You may have more luck with something like this:

$ docker run --privileged --net host --cap-add=ALL -v /tmp/.X11-unix:/tmp/.X11-unix -v /dev:/dev -v /lib/modules:/lib/modules sickcodes/docker-osx

[xlash123]

I have installed those dependencies and ran the systemctl commands and rebooted, but there's a new error now:

Unable to init server: Could not connect: Connection refused
Could not access KVM kernel module: Permission denied
qemu-system-x86_64: failed to initialize kvm: Permission denied

I noticed that one of the services that you said to start, virtlogd, doesn't seem to want to start. When running service --status-all, I get (for related services):

 [ + ]  docker
 [ + ]  libvirt-guests
 [ + ]  libvirtd
 [ - ]  virtlogd

The log for that service is:

Jun 04 13:51:04 [redacted] systemd[1]: Started Virtual machine log manager.
Jun 04 13:51:59 [redacted] systemd[1]: Stopping Virtual machine log manager...
Jun 04 13:51:59 [redacted] systemd[1]: Stopped Virtual machine log manager.

Any ideas on where to go from here?

[sickcodes]

Check if your hardware virt is on
egrep -c '(svm|vmx)' /proc/cpuinfo

Try this
sudo usermod -aG docker $USER

Turn on docker daemon
sudo nohup dockerd &

[xlash123]

@sickcodes, I already have virt turned on, docker daemon running, and am part of the docker user group.

The connection refused error went away (not sure how), but the permissions error is still there. Could it be that the user running in the Docker container is trying to use kvm on my machine, but it's not in the user group for KVM, so it fails? I noticed I get the same permissions error when I run kvm on my machine, but since I added myself to the usergroup, the error went away.

[sickcodes]

Try adding all these:
sudo apt install qemu qemu-kvm libvirt-clients libvirt-daemon-system bridge-utils virt-manager uml-utilities libguestfs-tools

EDIT: not required, see below for anyone reading.

[luposlip]

I've tried anything in the README and here, and (also) still have the same issue:

docker run --privileged -v /tmp/.X11-unix:/tmp/.X11-unix sickcodes/docker-osx
No protocol specified
Unable to init server: Could not connect: Connection refused
Could not access KVM kernel module: Permission denied
qemu-system-x86_64: failed to initialize kvm: Permission denied

Ubuntu (Pop! OS) 20.04 BTW

[ghost]

@sickcodes

• arch isn't a member of the kvm and libvirtd groups

• /dev/kvm needs to be owned by the kvm group

those two issues cause the permission denied error

[xlash123]

Why are we running qemu on the host? Can't that go inside the Docker container?

[luposlip]

Just tried ghgrp kvm /dev/kvm. Now ls -la /dev/kvm reveals:

crw-rw----+ 1 root kvm 10, 232 Jun  4 20:56 /dev/kvm

Still same error.

[sickcodes]

Mines like this
crw-rw-rw- 1 root kvm 10, 232 Jun 5 03:20 kvm

Try this:

sudo ghgrp kvm /dev/kvm
sudo chmod 666 /dev/kvm

[Write]

You may have more luck with something like this:

$ docker run --privileged --net host --cap-add=ALL -v /tmp/.X11-unix:/tmp/.X11-unix -v /dev:/dev -v /lib/modules:/lib/modules sickcodes/docker-osx

Thanks, it worked for me. Ubuntu 20.04
I still had to sudo and get a few 'errors' but at least QEMU launched and macOS is loading

sudo docker run --privileged --net host --cap-add=ALL -v /tmp/.X11-unix:/tmp/.X11-unix -v /dev:/dev -v /lib/modules:/lib/modules sickcodes/docker-osx
QEMU 5.0.0 monitor - type 'help' for more information
(qemu) ALSA lib pcm_dmix.c:1089:(snd_pcm_dmix_open) unable to open slave
alsa: Could not initialize DAC
alsa: Failed to open `default':
alsa: Reason: No such file or directory
ALSA lib pcm_dmix.c:1089:(snd_pcm_dmix_open) unable to open slave
alsa: Could not initialize DAC
alsa: Failed to open `default':
alsa: Reason: No such file or directory
audio: Failed to create voice `dac'
ALSA lib pcm_dsnoop.c:641:(snd_pcm_dsnoop_open) unable to open slave
alsa: Could not initialize ADC
alsa: Failed to open `default':
alsa: Reason: No such file or directory
ALSA lib pcm_dsnoop.c:641:(snd_pcm_dsnoop_open) unable to open slave
alsa: Could not initialize ADC
alsa: Failed to open `default':
alsa: Reason: No such file or directory
audio: Failed to create voice `adc'

[sickcodes]

These steps should set your host up for the QEMU on https://help.ubuntu.com/community/KVM/Installation

[xlash123]

I got it working after running sudo chmod 666 /dev/kvm and using docker run --privileged --net host --cap-add=ALL -v /tmp/.X11-unix:/tmp/.X11-unix -v /dev:/dev -v /lib/modules:/lib/modules sickcodes/docker-osx to start it. I'll try to isolate exactly what combination of tricks here got it to work.

[xlash123]

Using the original run command docker run --privileged -v /tmp/.X11-unix:/tmp/.X11-unix sickcodes/docker-osx did not work. I had to use @roryrjb 's command. I did not need sudo for it to work.

For as much as I can tell, I only needed to run the following commands to get it working:

sudo chmod 666 /dev/kvm
docker run --privileged --net host --cap-add=ALL -v /tmp/.X11-unix:/tmp/.X11-unix -v /dev:/dev -v /lib/modules:/lib/modules sickcodes/docker-osx

It's hard for me to exactly narrow down what needs to be run because I'd have to undo some of the other suggestion to see where it breaks. Hopefully this is all that's needed.

[sickcodes]

Good to hear mate, I've added those tips to the troubleshooting page.

It's probably both of those commands that you need might need, someone else might have a better answer to why.

[xlash123]

Also, after a relog/restart, I had to rerun sudo chmod 666 /dev/kvm to get it to work again.

[sickcodes]

Sticky tape fix but:
printf '\n%s\n' "sudo chmod 666 /dev/kvm" >> ~/.bashrc

It will turn on every relog.

or just edit it and add that at the bottom.

Something else might be fiddling with the permissions on reboot.

[luposlip]

After trying everything above - including following the qemu guide, this is the best I can get:

docker run --privileged -v /tmp/.X11-unix:/tmp/.X11-unix sickcodes/docker-osx
[sudo] password for luposlip: 
No protocol specified
Unable to init server: Could not connect: Connection refused
QEMU 5.0.0 monitor - type 'help' for more information
(qemu) ALSA lib confmisc.c:767:(parse_card) cannot find card '0'
ALSA lib conf.c:4693:(_snd_config_evaluate) function snd_func_card_driver returned error: No such file or directory
ALSA lib confmisc.c:392:(snd_func_concat) error evaluating strings
ALSA lib conf.c:4693:(_snd_config_evaluate) function snd_func_concat returned error: No such file or directory
ALSA lib confmisc.c:1246:(snd_func_refer) error evaluating name
ALSA lib conf.c:4693:(_snd_config_evaluate) function snd_func_refer returned error: No such file or directory
ALSA lib conf.c:5181:(snd_config_expand) Evaluate error: No such file or directory
ALSA lib pcm.c:2642:(snd_pcm_open_noupdate) Unknown PCM default
alsa: Could not initialize DAC
alsa: Failed to open `default':
alsa: Reason: No such file or directory
ALSA lib confmisc.c:767:(parse_card) cannot find card '0'
ALSA lib conf.c:4693:(_snd_config_evaluate) function snd_func_card_driver returned error: No such file or directory
ALSA lib confmisc.c:392:(snd_func_concat) error evaluating strings
ALSA lib conf.c:4693:(_snd_config_evaluate) function snd_func_concat returned error: No such file or directory
ALSA lib confmisc.c:1246:(snd_func_refer) error evaluating name
ALSA lib conf.c:4693:(_snd_config_evaluate) function snd_func_refer returned error: No such file or directory
ALSA lib conf.c:5181:(snd_config_expand) Evaluate error: No such file or directory
ALSA lib pcm.c:2642:(snd_pcm_open_noupdate) Unknown PCM default
alsa: Could not initialize DAC
alsa: Failed to open `default':
alsa: Reason: No such file or directory
audio: Failed to create voice `dac'
ALSA lib confmisc.c:767:(parse_card) cannot find card '0'
ALSA lib conf.c:4693:(_snd_config_evaluate) function snd_func_card_driver returned error: No such file or directory
ALSA lib confmisc.c:392:(snd_func_concat) error evaluating strings
ALSA lib conf.c:4693:(_snd_config_evaluate) function snd_func_concat returned error: No such file or directory
ALSA lib confmisc.c:1246:(snd_func_refer) error evaluating name
ALSA lib conf.c:4693:(_snd_config_evaluate) function snd_func_refer returned error: No such file or directory
ALSA lib conf.c:5181:(snd_config_expand) Evaluate error: No such file or directory
ALSA lib pcm.c:2642:(snd_pcm_open_noupdate) Unknown PCM default
alsa: Could not initialize ADC
alsa: Failed to open `default':
alsa: Reason: No such file or directory
ALSA lib confmisc.c:767:(parse_card) cannot find card '0'
ALSA lib conf.c:4693:(_snd_config_evaluate) function snd_func_card_driver returned error: No such file or directory
ALSA lib confmisc.c:392:(snd_func_concat) error evaluating strings
ALSA lib conf.c:4693:(_snd_config_evaluate) function snd_func_concat returned error: No such file or directory
ALSA lib confmisc.c:1246:(snd_func_refer) error evaluating name
ALSA lib conf.c:4693:(_snd_config_evaluate) function snd_func_refer returned error: No such file or directory
ALSA lib conf.c:5181:(snd_config_expand) Evaluate error: No such file or directory
ALSA lib pcm.c:2642:(snd_pcm_open_noupdate) Unknown PCM default
alsa: Could not initialize ADC
alsa: Failed to open `default':
alsa: Reason: No such file or directory
audio: Failed to create voice `adc'
gtk initialization failed

Seems like a lot of audio issues, I have alsa installed, and can restart it without errors with sudo alsa reload.

Plus the last gtk.

[sickcodes]

Ignore the alsa utils error, it will always be there unless I change the OpenBoot-Core.sh script from upstream repo.

Regarding the gtk error
Show the output of these:

pgrep -a X
echo $DISPLAY
echo $TERM

My output is:

1858 /usr/lib/Xorg -nolisten tcp :0 vt1
:0.0

Are you running Wayland window manager?

[luposlip]

Mine is:

1228 /usr/lib/xorg/Xorg vt1 -displayfd 3 -auth /run/user/110/gdm/Xauthority -background none -noreset -keeptty -verbose 3
25016 /usr/lib/xorg/Xorg vt2 -displayfd 3 -auth /run/user/1000/gdm/Xauthority -background none -noreset -keeptty -verbose 3
35947 /usr/lib/virtualbox/VBoxXPCOMIPCD
:1
xterm-256color

I'm using the default Pop! OS windows manager (not sure which one that is).

[muedie]

Same issue here, outputs of above:

805 /usr/lib/Xorg -nolisten tcp -auth /var/run/sddm/{435e64b6-b308-4c8b-bafc-719e3f9be6c8} -background none -noreset -displayfd 17 -seat seat0 vt1
:0
xterm-256color

running manjaro-kde

[mtdlewald]

Same issue here running i3 on Arch
658 /usr/lib/Xorg -nolisten tcp -auth /var/run/sddm/{b0ec8f2a-fcc9-4dc4-9ef6-61b57a970849} -background none -noreset -displayfd 17 -seat seat0 vt1
:0
alacritty

[sickcodes]

Does this alternative application run without the error?

docker run -it -v /tmp/.X11-unix:/tmp/.X11-unix tukiyo3/teamviewer15

If you get the same error then it might have something to do with the x11 folder or the display number

In the dockerfile, you can change the :0.0 to :0

That might work but it will take half an hour to build so I apologize in advance if it’s not the solution.

Might have to dig deeper into the GTK error, could be missing some host libs since I am using Xfce and it’s window mananger compositor.

Try pulling the image again as well just in case.

Try installing virt-manager on the host. What does virt-manager look like on you guys’ displays?

If all else fails, try installing the AUR qt5 virt mananger it takes like 20 mins but it fills all the lib gaps, if there are any.

I’ll b back in a few hours though

[sickcodes]

Mine is:

1228 /usr/lib/xorg/Xorg vt1 -displayfd 3 -auth /run/user/110/gdm/Xauthority -background none -noreset -keeptty -verbose 3
25016 /usr/lib/xorg/Xorg vt2 -displayfd 3 -auth /run/user/1000/gdm/Xauthority -background none -noreset -keeptty -verbose 3
35947 /usr/lib/virtualbox/VBoxXPCOMIPCD
:1
xterm-256color

I'm using the default Pop! OS windows manager (not sure which one that is).

The dockerfile is trying to display on :0.0 but your desktop is running in :1. I will add the optional display argument.

If you want to build it now, just edit the Dockerfile and change the display env variable near the bottom to whichever number display you have. I again apologize if that’s not the error though but some other debugging messages might pop up during the build too and that could help.

[luposlip]

I'll try tomorrow, it's getting really late now in Europe ;)

[muedie]

Output of running teamviewer:

Starting teamviewerd.............


Init...
CheckCPU: SSE2 support: yes
Checking setup...
Launching TeamViewer ...
Launching TeamViewer GUI ...
Aborted (core dumped)

Tried passing DISPLAY=:0 from docker flags as well --env DISPLAY=:0
& installed qt-virt-manager still no luck

[sickcodes]

Ok it's an env issue, changing it now to always choose whichever display you're looking at

[stormfleet]

In case anyone is a major bogus numpty like me - everyone here is getting qemu-system-x86_64: Permission denied, that is not the same as #qemu-system-x86_64: failed to initialize kvm: Device or resource busy # qemu-system-x86_64: falling back to tcg. You can't have VirtualBox or any other virtualisation software running at the same time, so closing VBox in my case solved this, and then @roryrjb's comment worked fine along with the chmod 666 /dev/kvm.