[libvirt] [PATCH] Allow polkit auth for VNC and SSH users

Cole Robinson crobinso at redhat.com
Tue Feb 7 17:53:30 UTC 2012


On 02/07/2012 12:08 PM, Eric Blake wrote:
> On 02/07/2012 09:59 AM, Cole Robinson wrote:
>> If you are sitting in front of a physical machine and logged in as
>> a regular user, you can connect to the system libvirtd instance
>> by providing a root password to policykit. This is how most
>> virt-manager users talk to libvirt.
>>
>> However, if you are launching virt-manager over ssh -X, or over
>> VNC started from say /etc/sysconfig/vncservers, our policykit policy
>> rejects the user outright, providing no option to provide the root
>> password. This is confusing to users and doesn't seem to serve much
>> point.
>>
>> Change the policy to allow inactive (VNC) and non-local (SSH, VNC)
>> to provide root credentials for accessing system libvirtd. We use
>> auth_admin rather than auth_admin_keep so that credentials aren't
>> cached at all, and every subsequent reconnection to libvirt requires
>> auth.
>>
>> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=625115
>> Similar change to PackageKit policy:
>> https://bugzilla.redhat.com/show_bug.cgi?id=528511
> 
> Interesting read.
> 
>> ---
>>  daemon/libvirtd.policy-0 |    4 ++--
>>  daemon/libvirtd.policy-1 |    4 ++--
>>  2 files changed, 4 insertions(+), 4 deletions(-)
> 
> ACK.
> 

Thanks, pushed now.

- Cole




More information about the libvir-list mailing list