[libvirt] [PATCH] Allow polkit auth for VNC and SSH users
Eric Blake
eblake at redhat.com
Tue Feb 7 17:08:28 UTC 2012
On 02/07/2012 09:59 AM, Cole Robinson wrote:
> If you are sitting in front of a physical machine and logged in as
> a regular user, you can connect to the system libvirtd instance
> by providing a root password to policykit. This is how most
> virt-manager users talk to libvirt.
>
> However, if you are launching virt-manager over ssh -X, or over
> VNC started from say /etc/sysconfig/vncservers, our policykit policy
> rejects the user outright, providing no option to provide the root
> password. This is confusing to users and doesn't seem to serve much
> point.
>
> Change the policy to allow inactive (VNC) and non-local (SSH, VNC)
> to provide root credentials for accessing system libvirtd. We use
> auth_admin rather than auth_admin_keep so that credentials aren't
> cached at all, and every subsequent reconnection to libvirt requires
> auth.
>
> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=625115
> Similar change to PackageKit policy:
> https://bugzilla.redhat.com/show_bug.cgi?id=528511
Interesting read.
> ---
> daemon/libvirtd.policy-0 | 4 ++--
> daemon/libvirtd.policy-1 | 4 ++--
> 2 files changed, 4 insertions(+), 4 deletions(-)
ACK.
--
Eric Blake eblake at redhat.com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 620 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20120207/50269072/attachment-0001.sig>
More information about the libvir-list
mailing list