After discussions with policykit maintainers I've come to the conclusion
that it is better for security if we default to 'auth_admin_keep_sesion'
instead of 'auth_self_keep_session'. ie prompt for the root password (ala
'su') instead of the user's password (ala 'sudo'). This is because having
access to libvirtd gives you very significant power over the host machine.
Secondly, newer versions of policykit have imposed a naming constraint on
policy files, so when we install our policy it needs to be in a file called
org.libvirt.unix.policy, instead of just libvirt.policy. So there's a change
to the Makefile to support this.
Daniel
diff -r e17c1bd119fc libvirt.spec.in
--- a/libvirt.spec.in Wed Jul 09 09:26:26 2008 +0100
+++ b/libvirt.spec.in Wed Jul 09 10:32:24 2008 +0100
@@ -240,7 +240,7 @@
%dir %attr(0700, root, root) %{_localstatedir}/lib/libvirt/images/
%dir %attr(0700, root, root) %{_localstatedir}/lib/libvirt/boot/
%if %{with_polkit}
-%{_datadir}/PolicyKit/policy/libvirtd.policy
+%{_datadir}/PolicyKit/policy/org.libvirt.unix.policy
%endif
%dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/qemu/
%if %{with_xen_proxy}
diff -r e17c1bd119fc qemud/Makefile.am
--- a/qemud/Makefile.am Wed Jul 09 09:26:26 2008 +0100
+++ b/qemud/Makefile.am Wed Jul 09 10:32:24 2008 +0100
@@ -13,7 +13,8 @@
remote_dispatch_proc_switch.h \
mdns.c mdns.h \
libvirtd.sasl \
- libvirtd.conf
+ libvirtd.conf \
+ libvirtd.policy
if RPCGEN
SUFFIXES = .x
@@ -75,9 +76,7 @@
if HAVE_POLKIT
policydir = $(datadir)/PolicyKit/policy
-policy_DATA = libvirtd.policy
endif
-EXTRA_DIST += libvirtd.policy
if HAVE_AVAHI
libvirtd_SOURCES += mdns.c mdns.h
@@ -86,7 +85,7 @@
endif
default_xml_dest = libvirt/qemu/networks/default.xml
-install-data-local: install-init install-data-sasl
+install-data-local: install-init install-data-sasl install-data-polkit
mkdir -p $(DESTDIR)$(sysconfdir)/libvirt/qemu/networks/autostart
$(INSTALL_DATA) $(srcdir)/default-network.xml \
$(DESTDIR)$(sysconfdir)/$(default_xml_dest)
@@ -99,7 +98,7 @@
mkdir -p $(DESTDIR)$(localstatedir)/run/libvirt
mkdir -p $(DESTDIR)$(localstatedir)/lib/libvirt
-uninstall-local:: uninstall-init uninstall-data-sasl
+uninstall-local:: uninstall-init uninstall-data-sasl install-data-polkit
rm -f $(DESTDIR)$(sysconfdir)/libvirt/qemu/networks/autostart/default.xml
rm -f $(DESTDIR)$(sysconfdir)/$(default_xml_dest)
rmdir $(DESTDIR)$(sysconfdir)/libvirt/qemu/networks/autostart || :
@@ -119,6 +118,18 @@
install-data-sasl:
uninstall-data-sasl:
endif
+
+if HAVE_POLKIT
+install-data-polkit:: install-init
+ mkdir -p $(DESTDIR)$(policydir)
+ $(INSTALL_DATA) libvirtd.policy $(DESTDIR)$(policydir)/org.libvirt.unix.policy
+uninstall-data-polkit:: install-init
+ rm -f $(DESTDIR)$(policydir)/org.libvirt.unix.policy
+else
+install-data-polkit::
+uninstall-data-polkit::
+endif
+
remote.c: remote_dispatch_prototypes.h \
remote_dispatch_localvars.h \
diff -r e17c1bd119fc qemud/libvirtd.policy
--- a/qemud/libvirtd.policy Wed Jul 09 09:26:26 2008 +0100
+++ b/qemud/libvirtd.policy Wed Jul 09 10:32:24 2008 +0100
@@ -36,7 +36,7 @@
read-write mode for management, and we require user password -->
<allow_any>no</allow_any>
<allow_inactive>no</allow_inactive>
- <allow_active>auth_self_keep_session</allow_active>
+ <allow_active>auth_admin_keep_session</allow_active>
</defaults>
</action>
-</policyconfig>
\ No newline at end of file
+</policyconfig>
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
--
Libvir-list mailing list
Libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list