[libvirt] [PATCH] polkit: Allow password-less access for 'libvirt' group
Jim Fehlig
jfehlig at suse.com
Wed Apr 29 22:22:37 UTC 2015
Guido Günther wrote:
> On Tue, Apr 28, 2015 at 07:51:11PM -0400, Cole Robinson wrote:
>
>> Many users, who admin their own machines, want to be able to access
>> system libvirtd via tools like virt-manager without having to enter
>> a root password. Just google 'virt-manager without password' and
>> you'll find many hits. I've read at least 5 blog posts over the years
>> describing slightly different ways of achieving this goal.
>>
>> Let's finally add official support for this.
>>
>> Install a polkit-1 rules file granting password-less auth for any user
>> in the new 'libvirt' group. Create the group on RPM install
>>
>> https://bugzilla.redhat.com/show_bug.cgi?id=957300
>> ---
>> daemon/50-libvirt.rules | 9 +++++++++
>> daemon/Makefile.am | 13 +++++++++++++
>> libvirt.spec.in | 15 +++++++++++++--
>> 3 files changed, 35 insertions(+), 2 deletions(-)
>> create mode 100644 daemon/50-libvirt.rules
>>
>> diff --git a/daemon/50-libvirt.rules b/daemon/50-libvirt.rules
>> new file mode 100644
>> index 0000000..01a15fa
>> --- /dev/null
>> +++ b/daemon/50-libvirt.rules
>> @@ -0,0 +1,9 @@
>> +// Allow any user in the 'libvirt' group to connect to system libvirtd
>> +// without entering a password.
>> +
>> +polkit.addRule(function(action, subject) {
>> + if (action.id == "org.libvirt.unix.manage" &&
>> + subject.isInGroup("libvirt")) {
>> + return polkit.Result.YES;
>> + }
>> +});
>>
>
> That's what we're shipping in Debian since quiet some time:
>
> https://anonscm.debian.org/cgit/pkg-libvirt/libvirt.git/tree/debian/polkit/60-libvirt.rules
>
Heh, I recently accepted a similar change for openSUSE
https://build.opensuse.org/package/view_file/Virtualization/libvirt/polkit-10-virt.rules?expand=1
Regards,
Jim
More information about the libvir-list
mailing list