Re: [PATCH] Allow polkit auth for VNC and SSH users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 02/07/2012 12:08 PM, Eric Blake wrote:
> On 02/07/2012 09:59 AM, Cole Robinson wrote:
>> If you are sitting in front of a physical machine and logged in as
>> a regular user, you can connect to the system libvirtd instance
>> by providing a root password to policykit. This is how most
>> virt-manager users talk to libvirt.
>>
>> However, if you are launching virt-manager over ssh -X, or over
>> VNC started from say /etc/sysconfig/vncservers, our policykit policy
>> rejects the user outright, providing no option to provide the root
>> password. This is confusing to users and doesn't seem to serve much
>> point.
>>
>> Change the policy to allow inactive (VNC) and non-local (SSH, VNC)
>> to provide root credentials for accessing system libvirtd. We use
>> auth_admin rather than auth_admin_keep so that credentials aren't
>> cached at all, and every subsequent reconnection to libvirt requires
>> auth.
>>
>> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=625115
>> Similar change to PackageKit policy:
>> https://bugzilla.redhat.com/show_bug.cgi?id=528511
> 
> Interesting read.
> 
>> ---
>>  daemon/libvirtd.policy-0 |    4 ++--
>>  daemon/libvirtd.policy-1 |    4 ++--
>>  2 files changed, 4 insertions(+), 4 deletions(-)
> 
> ACK.
> 

Thanks, pushed now.

- Cole

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list


[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]