[libvirt] [PATCH] Allow polkit auth for VNC and SSH users
Cole Robinson
crobinso at redhat.com
Tue Feb 7 17:53:30 UTC 2012
On 02/07/2012 12:08 PM, Eric Blake wrote:
> On 02/07/2012 09:59 AM, Cole Robinson wrote:
>> If you are sitting in front of a physical machine and logged in as
>> a regular user, you can connect to the system libvirtd instance
>> by providing a root password to policykit. This is how most
>> virt-manager users talk to libvirt.
>>
>> However, if you are launching virt-manager over ssh -X, or over
>> VNC started from say /etc/sysconfig/vncservers, our policykit policy
>> rejects the user outright, providing no option to provide the root
>> password. This is confusing to users and doesn't seem to serve much
>> point.
>>
>> Change the policy to allow inactive (VNC) and non-local (SSH, VNC)
>> to provide root credentials for accessing system libvirtd. We use
>> auth_admin rather than auth_admin_keep so that credentials aren't
>> cached at all, and every subsequent reconnection to libvirt requires
>> auth.
>>
>> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=625115
>> Similar change to PackageKit policy:
>> https://bugzilla.redhat.com/show_bug.cgi?id=528511
>
> Interesting read.
>
>> ---
>> daemon/libvirtd.policy-0 | 4 ++--
>> daemon/libvirtd.policy-1 | 4 ++--
>> 2 files changed, 4 insertions(+), 4 deletions(-)
>
> ACK.
>
Thanks, pushed now.
- Cole
More information about the libvir-list
mailing list