On 02/07/2012 09:59 AM, Cole Robinson wrote: > If you are sitting in front of a physical machine and logged in as > a regular user, you can connect to the system libvirtd instance > by providing a root password to policykit. This is how most > virt-manager users talk to libvirt. > > However, if you are launching virt-manager over ssh -X, or over > VNC started from say /etc/sysconfig/vncservers, our policykit policy > rejects the user outright, providing no option to provide the root > password. This is confusing to users and doesn't seem to serve much > point. > > Change the policy to allow inactive (VNC) and non-local (SSH, VNC) > to provide root credentials for accessing system libvirtd. We use > auth_admin rather than auth_admin_keep so that credentials aren't > cached at all, and every subsequent reconnection to libvirt requires > auth. > > Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=625115 > Similar change to PackageKit policy: > https://bugzilla.redhat.com/show_bug.cgi?id=528511 Interesting read. > --- > daemon/libvirtd.policy-0 | 4 ++-- > daemon/libvirtd.policy-1 | 4 ++-- > 2 files changed, 4 insertions(+), 4 deletions(-) ACK. -- Eric Blake eblake@xxxxxxxxxx +1-919-301-3266 Libvirt virtualization library http://libvirt.org
Attachment:
signature.asc
Description: OpenPGP digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list