[libvirt] PATCH: Misc changes to policykit policy file
Daniel Veillard
veillard at redhat.com
Wed Jul 9 10:25:43 UTC 2008
On Wed, Jul 09, 2008 at 10:37:27AM +0100, Daniel P. Berrange wrote:
> After discussions with policykit maintainers I've come to the conclusion
> that it is better for security if we default to 'auth_admin_keep_sesion'
> instead of 'auth_self_keep_session'. ie prompt for the root password (ala
> 'su') instead of the user's password (ala 'sudo'). This is because having
> access to libvirtd gives you very significant power over the host machine.
>
> Secondly, newer versions of policykit have imposed a naming constraint on
> policy files, so when we install our policy it needs to be in a file called
> org.libvirt.unix.policy, instead of just libvirt.policy. So there's a change
> to the Makefile to support this.
Okay, sounds fine, +1
Daniel
--
Red Hat Virtualization group http://redhat.com/virtualization/
Daniel Veillard | virtualization library http://libvirt.org/
veillard at redhat.com | libxml GNOME XML XSLT toolkit http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/
More information about the libvir-list
mailing list