On Mon, Apr 07, 2008 at 02:38:17PM +0100, Richard W.M. Jones wrote: > On Sat, Apr 05, 2008 at 09:35:33PM +0100, Henri Cook wrote: > > I'm designing a web interface for libvirt so that my customers can > > manage their DomUs - unless you know of a good one that already exists??? > > > > I'm thinking that the best way to run this is have the web server > > connected to libvirtd - but I can't find any documentation about the API > > it presents - can you help? > > I sort of gathered from IRC that you are using Perl & Dan's Perl > bindings. This is the right approach. > > In order to be able to contact libvirtd without needing to run > anything as root you (may) need to change the permissions on the > libvirtd socket (normally /var/run/libvirt/libvirt-sock). If your > libvirt was configured to use PolicyKit you may also need to edit the > configuration file /etc/PolicyKit/PolicyKit.conf to allow your web > server user access to the privilege 'org.libvirt.unix.manage'. PolicyKit is one option - you'd need to edit /etc/PolicyKit/PolicyKit.conf to add an explicit rule allowing the httpd user access. Alternatively you could switch the UNIX socket to use SASL as its auth method, and setup a SASL username & password There's some docs here http://libvirt.org/auth.html Dan. -- |: Red Hat, Engineering, Boston -o- http://people.redhat.com/berrange/ :| |: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :| -- Libvir-list mailing list Libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list