[libvirt] [PATCH] Allow polkit auth for VNC and SSH users

Eric Blake eblake at redhat.com
Tue Feb 7 17:08:28 UTC 2012


On 02/07/2012 09:59 AM, Cole Robinson wrote:
> If you are sitting in front of a physical machine and logged in as
> a regular user, you can connect to the system libvirtd instance
> by providing a root password to policykit. This is how most
> virt-manager users talk to libvirt.
> 
> However, if you are launching virt-manager over ssh -X, or over
> VNC started from say /etc/sysconfig/vncservers, our policykit policy
> rejects the user outright, providing no option to provide the root
> password. This is confusing to users and doesn't seem to serve much
> point.
> 
> Change the policy to allow inactive (VNC) and non-local (SSH, VNC)
> to provide root credentials for accessing system libvirtd. We use
> auth_admin rather than auth_admin_keep so that credentials aren't
> cached at all, and every subsequent reconnection to libvirt requires
> auth.
> 
> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=625115
> Similar change to PackageKit policy:
> https://bugzilla.redhat.com/show_bug.cgi?id=528511

Interesting read.

> ---
>  daemon/libvirtd.policy-0 |    4 ++--
>  daemon/libvirtd.policy-1 |    4 ++--
>  2 files changed, 4 insertions(+), 4 deletions(-)

ACK.

-- 
Eric Blake   eblake at redhat.com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 620 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20120207/50269072/attachment-0001.sig>


More information about the libvir-list mailing list