Re: [libvirt] PATCH: Misc changes to policykit policy file

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Jul 09, 2008 at 10:37:27AM +0100, Daniel P. Berrange wrote:
> After discussions with policykit maintainers I've come to the conclusion
> that it is better for security if we default to 'auth_admin_keep_sesion'
> instead of 'auth_self_keep_session'. ie prompt for the root password (ala
> 'su') instead of the user's password (ala 'sudo'). This is because having
> access to libvirtd gives you very significant power over the host machine.
> 
> Secondly, newer versions of policykit have imposed a naming constraint on
> policy files, so when we install our policy it needs to be in a file called
> org.libvirt.unix.policy, instead of just libvirt.policy. So there's a change
> to the Makefile to support this.

  Okay, sounds fine, +1

Daniel

-- 
Red Hat Virtualization group http://redhat.com/virtualization/
Daniel Veillard      | virtualization library  http://libvirt.org/
veillard@xxxxxxxxxx  | libxml GNOME XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine  http://rpmfind.net/

--
Libvir-list mailing list
Libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list

[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]