[PATCH] polkit: Allow libvirt group access to libvirtd ro socket
Jim Fehlig
jfehlig at suse.com
Tue Dec 1 21:22:34 UTC 2020
On 12/1/20 2:17 AM, Daniel P. Berrangé wrote:
> On Mon, Nov 30, 2020 at 05:28:16PM -0700, Jim Fehlig wrote:
>> As a normal user, 'virsh connect qemu:///system' and
>> 'virsh connect --readonly qemu:///system' will prompt for root password.
>> If the user is added to the libvirt group, only
>> 'virsh connect --readonly qemu:///system' will prompt for root password.
>
> This doesn't make sense - the readonly case should never prompt for
> a password, since libvirtd.polkit.in grants that permission out of
> the box.
I thought something smelled a bit fishy. I meant to annotate the patch with "It
is possible I have a broader polkit config issue", but forgot before sending it
last night.
And indeed after looking again today with fresh eyes I see the problem is in our
polkit-default-privs package -> downstream bug. Ignore this patch.
Regards,
Jim
More information about the libvir-list
mailing list