On 02/07/2012 12:08 PM, Eric Blake wrote: > On 02/07/2012 09:59 AM, Cole Robinson wrote: >> If you are sitting in front of a physical machine and logged in as >> a regular user, you can connect to the system libvirtd instance >> by providing a root password to policykit. This is how most >> virt-manager users talk to libvirt. >> >> However, if you are launching virt-manager over ssh -X, or over >> VNC started from say /etc/sysconfig/vncservers, our policykit policy >> rejects the user outright, providing no option to provide the root >> password. This is confusing to users and doesn't seem to serve much >> point. >> >> Change the policy to allow inactive (VNC) and non-local (SSH, VNC) >> to provide root credentials for accessing system libvirtd. We use >> auth_admin rather than auth_admin_keep so that credentials aren't >> cached at all, and every subsequent reconnection to libvirt requires >> auth. >> >> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=625115 >> Similar change to PackageKit policy: >> https://bugzilla.redhat.com/show_bug.cgi?id=528511 > > Interesting read. > >> --- >> daemon/libvirtd.policy-0 | 4 ++-- >> daemon/libvirtd.policy-1 | 4 ++-- >> 2 files changed, 4 insertions(+), 4 deletions(-) > > ACK. > Thanks, pushed now. - Cole -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list