[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] PATCH: Misc changes to policykit policy file



On Wed, Jul 09, 2008 at 10:37:27AM +0100, Daniel P. Berrange wrote:
> After discussions with policykit maintainers I've come to the conclusion
> that it is better for security if we default to 'auth_admin_keep_sesion'
> instead of 'auth_self_keep_session'. ie prompt for the root password (ala
> 'su') instead of the user's password (ala 'sudo'). This is because having
> access to libvirtd gives you very significant power over the host machine.
> 
> Secondly, newer versions of policykit have imposed a naming constraint on
> policy files, so when we install our policy it needs to be in a file called
> org.libvirt.unix.policy, instead of just libvirt.policy. So there's a change
> to the Makefile to support this.

  Okay, sounds fine, +1

Daniel

-- 
Red Hat Virtualization group http://redhat.com/virtualization/
Daniel Veillard      | virtualization library  http://libvirt.org/
veillard redhat com  | libxml GNOME XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine  http://rpmfind.net/


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]