[Libguestfs] [libvirt] Proposed libguestfs API for implementing libvirt virConnectOpenAuth

Richard W.M. Jones rjones at redhat.com
Mon Oct 15 08:01:44 UTC 2012 

On Sun, Oct 14, 2012 at 07:44:44PM -0400, Cole Robinson wrote:
> On 10/13/2012 05:31 AM, Richard W.M. Jones wrote:
> 
> > 
> > Does libvirt (or policy kit?) provide any mechanism for caching these
> > credentials within the same process, so that we don't have to provide
> > the same creds back to libvirt for multiple connections?
> > 
> 
> Yeah, that's the 'keep' in 'auth_admin_keep' in libvirt's policykit rules:
> 
> http://libvirt.org/git/?p=libvirt.git;a=blob;f=daemon/libvirtd.policy.in
> 
> But libvirt only enables it for local, active sessions, which doesn't include
> SSH logins for example. libvirt should s/auth_admin/auth_admin_keep/g

So if I understand correctly, how about this patch?

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
virt-top is 'top' for virtual machines.  Tiny program with many
powerful monitoring features, net stats, disk stats, logging, etc.
http://et.redhat.com/~rjones/virt-top
-------------- next part --------------
From 9eea45e80ad80283f1a89f792bcf0c174818f4a2 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones at redhat.com>
Date: Mon, 15 Oct 2012 09:01:13 +0100
Subject: [PATCH] daemon: Make the default PolicyKit policy auth_admin_keep.

---
 daemon/libvirtd.policy.in | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/daemon/libvirtd.policy.in b/daemon/libvirtd.policy.in
index 000c17e..df42e5f 100644
--- a/daemon/libvirtd.policy.in
+++ b/daemon/libvirtd.policy.in
@@ -31,8 +31,8 @@ version 2. See COPYING for details.
       <defaults>
         <!-- Any program can use libvirt in read/write mode if they
              provide the root password -->
-        <allow_any>auth_admin</allow_any>
-        <allow_inactive>auth_admin</allow_inactive>
+        <allow_any>@authaction@</allow_any>
+        <allow_inactive>@authaction@</allow_inactive>
         <allow_active>@authaction@</allow_active>
       </defaults>
     </action>
-- 
1.7.11.4

More information about the Libguestfs mailing list