[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH] Allow polkit auth for VNC and SSH users



On 02/07/2012 09:59 AM, Cole Robinson wrote:
> If you are sitting in front of a physical machine and logged in as
> a regular user, you can connect to the system libvirtd instance
> by providing a root password to policykit. This is how most
> virt-manager users talk to libvirt.
> 
> However, if you are launching virt-manager over ssh -X, or over
> VNC started from say /etc/sysconfig/vncservers, our policykit policy
> rejects the user outright, providing no option to provide the root
> password. This is confusing to users and doesn't seem to serve much
> point.
> 
> Change the policy to allow inactive (VNC) and non-local (SSH, VNC)
> to provide root credentials for accessing system libvirtd. We use
> auth_admin rather than auth_admin_keep so that credentials aren't
> cached at all, and every subsequent reconnection to libvirt requires
> auth.
> 
> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=625115
> Similar change to PackageKit policy:
> https://bugzilla.redhat.com/show_bug.cgi?id=528511

Interesting read.

> ---
>  daemon/libvirtd.policy-0 |    4 ++--
>  daemon/libvirtd.policy-1 |    4 ++--
>  2 files changed, 4 insertions(+), 4 deletions(-)

ACK.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]