Just tweak it at build time depending on what polkit version we are building for.
---
 .gitignore | 1 +
 daemon/Makefile.am | 16 +++++++++++-----
 daemon/libvirtd.policy-0 | 42 ------------------------------------------
 daemon/libvirtd.policy-1 | 42 ------------------------------------------
 daemon/libvirtd.policy.in | 42 ++++++++++++++++++++++++++++++++++++++++++
 5 files changed, 54 insertions(+), 89 deletions(-)
 delete mode 100644 daemon/libvirtd.policy-0
 delete mode 100644 daemon/libvirtd.policy-1
 create mode 100644 daemon/libvirtd.policy.in
diff --git a/.gitignore b/.gitignore
index 1cd2d45..1b22b92 100644
--- a/.gitignore
+++ b/.gitignore
@@ -55,6 +55,7 @@
 /daemon/libvirtd.init
 /daemon/libvirtd.pod
 /daemon/libvirtd.service
+/daemon/libvirtd.policy
 /daemon/test_libvirtd.aug
 /docs/apibuild.py.stamp
 /docs/devhelp/libvirt.devhelp
diff --git a/daemon/Makefile.am b/daemon/Makefile.am
index 3405c67..f747c48 100644
--- a/daemon/Makefile.am
+++ b/daemon/Makefile.am
@@ -35,8 +35,7 @@ EXTRA_DIST = \
 libvirtd.conf \
 libvirtd.init.in \
 libvirtd.upstart \
- libvirtd.policy-0 \
- libvirtd.policy-1 \
+ libvirtd.policy.in \
 libvirtd.sasl \
 libvirtd.sysconf \
 libvirtd.sysctl \
@@ -173,13 +172,20 @@ libvirtd_LDADD += ../src/libvirt.la
 if HAVE_POLKIT
 if HAVE_POLKIT0
 policydir = $(datadir)/PolicyKit/policy
-policyfile = libvirtd.policy-0
+policyauth = auth_admin_keep_session
 else
 policydir = $(datadir)/polkit-1/actions
-policyfile = libvirtd.policy-1
+policyauth = auth_admin_keep
 endif
 endif

+libvirtd.policy: libvirtd.policy.in $(top_builddir)/config.status
+ $(AM_V_GEN) sed \
+ -e 's![@]authaction[@]!$(policyauth)!g' \
+ < $< > $@-t && \
+ mv $@-t $@
+BUILT_SOURCES += libvirtd.policy
+
 install-data-local: install-init-redhat install-init-systemd install-init-upstart \
 install-data-sasl install-data-polkit \
 install-logrotate install-sysctl
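Review bot: The new `libvirtd.policy` rule and `BUILT_SOURCES += libvirtd.policy` in daemon/Makefile.am sit after the closing `endif`, so they also run when `HAVE_POLKIT` is false. In that case `policyauth` is unset and sed writes an empty `<allow_active></allow_active>` for `org.libvirt.unix.manage`. The visible install rule does not ship the file in that configuration, but a policy for the read-write management action should never be rendered with a blank authorization value. Move both lines inside `if HAVE_POLKIT`, or make the recipe fail on an empty value by starting it with `test -n '$(policyauth)' && sed \`. The hunk also does not add the generated file to `CLEANFILES`; unless that happens outside this hunk, `make distcheck` will likely complain.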
@@ -197,7 +203,7 @@ uninstall-local:: uninstall-init-redhat uninstall-init-systemd uninstall-init-up
 if HAVE_POLKIT
 install-data-polkit::
 $(MKDIR_P) $(DESTDIR)$(policydir)
- $(INSTALL_DATA) $(srcdir)/$(policyfile) $(DESTDIR)$(policydir)/org.libvirt.unix.policy
+ $(INSTALL_DATA) $(srcdir)/libvirtd.policy $(DESTDIR)$(policydir)/org.libvirt.unix.policy
 uninstall-data-polkit::
 rm -f $(DESTDIR)$(policydir)/org.libvirt.unix.policy
 rmdir $(DESTDIR)$(policydir) || :
diff --git a/daemon/libvirtd.policy-0 b/daemon/libvirtd.policy-0
deleted file mode 100644
index 5d6845c..0000000
--- a/daemon/libvirtd.policy-0
+++ /dev/null
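Review bot: In `install-data-polkit` (daemon/Makefile.am), the new line still installs from `$(srcdir)/libvirtd.policy`, but `libvirtd.policy` is now generated by the rule added earlier in this file and is written to the build directory. With a separate build directory the install either fails or picks up a stale copy left in the source tree by an earlier in-tree build, which could carry the `allow_active` value meant for the other polkit version. Install the built file instead: `$(INSTALL_DATA) libvirtd.policy $(DESTDIR)$(policydir)/org.libvirt.unix.policy`. The target also has no prerequisite on the generated file and relies on `BUILT_SOURCES` having been processed first; `install-data-polkit:: libvirtd.policy` would make that dependency explicit.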
@@ -1,42 +0,0 @@
-<!DOCTYPE policyconfig PUBLIC
- "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
- "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
-
-<!--
-Policy definitions for libvirt daemon
-
-Copyright (c) 2007 Daniel P. Berrange <berrange redhat com>
-
-libvirt is licensed to you under the GNU Lesser General Public License
-version 2. See COPYING for details.
-
-NOTE: If you make changes to this file, make sure to validate the file
-using the polkit-policy-file-validate(1) tool. Changes made to this
-file are instantly applied.
--->
-
-<policyconfig>
- <action id="org.libvirt.unix.monitor">
- <description>Monitor local virtualized systems</description>
- <message>System policy prevents monitoring of local virtualized systems</message>
- <defaults>
- <!-- Any program can use libvirt in read-only mode for monitoring,
- even if not part of a session -->
- <allow_any>yes</allow_any>
- <allow_inactive>yes</allow_inactive>
- <allow_active>yes</allow_active>
- </defaults>
- </action>
-
- <action id="org.libvirt.unix.manage">
- <description>Manage local virtualized systems</description>
- <message>System policy prevents management of local virtualized systems</message>
- <defaults>
- <!-- Only a program in the active host session can use libvirt in
- read-write mode for management, and we require user password -->
- <allow_any>auth_admin</allow_any>
- <allow_inactive>auth_admin</allow_inactive>
- <allow_active>auth_admin_keep_session</allow_active>
- </defaults>
- </action>
-</policyconfig>
diff --git a/daemon/libvirtd.policy-1 b/daemon/libvirtd.policy-1
deleted file mode 100644
index c2bec1f..0000000
--- a/daemon/libvirtd.policy-1
+++ /dev/null
@@ -1,42 +0,0 @@
-<!DOCTYPE policyconfig PUBLIC
- "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
- "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
-
-<!--
-Policy definitions for libvirt daemon
-
-Copyright (c) 2007 Daniel P. Berrange <berrange redhat com>
-
-libvirt is licensed to you under the GNU Lesser General Public License
-version 2. See COPYING for details.
-
-NOTE: If you make changes to this file, make sure to validate the file
-using the polkit-policy-file-validate(1) tool. Changes made to this
-file are instantly applied.
--->
-
-<policyconfig>
- <action id="org.libvirt.unix.monitor">
- <description>Monitor local virtualized systems</description>
- <message>System policy prevents monitoring of local virtualized systems</message>
- <defaults>
- <!-- Any program can use libvirt in read-only mode for monitoring,
- even if not part of a session -->
- <allow_any>yes</allow_any>
- <allow_inactive>yes</allow_inactive>
- <allow_active>yes</allow_active>
- </defaults>
- </action>
-
- <action id="org.libvirt.unix.manage">
- <description>Manage local virtualized systems</description>
- <message>System policy prevents management of local virtualized systems</message>
- <defaults>
- <!-- Only a program in the active host session can use libvirt in
- read-write mode for management, and we require user password -->
- <allow_any>auth_admin</allow_any>
- <allow_inactive>auth_admin</allow_inactive>
- <allow_active>auth_admin_keep</allow_active>
- </defaults>
- </action>
-</policyconfig>
diff --git a/daemon/libvirtd.policy.in b/daemon/libvirtd.policy.in
new file mode 100644
index 0000000..45b0d79
--- /dev/null
+++ b/daemon/libvirtd.policy.in
@@ -0,0 +1,42 @@
+<!DOCTYPE policyconfig PUBLIC
+ "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
+
+<!--
+Policy definitions for libvirt daemon
+
+Copyright (c) 2007 Daniel P. Berrange <berrange redhat com>
+
+libvirt is licensed to you under the GNU Lesser General Public License
+version 2. See COPYING for details.
+
+NOTE: If you make changes to this file, make sure to validate the file
+using the polkit-policy-file-validate(1) tool. Changes made to this
+file are instantly applied.
+-->
+
+<policyconfig>
+ <action id="org.libvirt.unix.monitor">
+ <description>Monitor local virtualized systems</description>
+ <message>System policy prevents monitoring of local virtualized systems</message>
+ <defaults>
+ <!-- Any program can use libvirt in read-only mode for monitoring,
+ even if not part of a session -->
+ <allow_any>yes</allow_any>
+ <allow_inactive>yes</allow_inactive>
+ <allow_active>yes</allow_active>
+ </defaults>
+ </action>
+
+ <action id="org.libvirt.unix.manage">
+ <description>Manage local virtualized systems</description>
+ <message>System policy prevents management of local virtualized systems</message>
+ <defaults>
+ <!-- Only a program in the active host session can use libvirt in
+ read-write mode for management, and we require user password -->
+ <allow_any>auth_admin</allow_any>
+ <allow_inactive>auth_admin</allow_inactive>
+ <allow_active>@authaction@</allow_active>
+ </defaults>
+ </action>
+</policyconfig>
-- 1.7.11.4 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
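Review bot: The header comment carried into `libvirtd.policy.in` still tells the reader to validate "this file" and says changes are "instantly applied", which no longer holds for a template. `@authaction@` is not a valid `allow_active` value, so the validator has to be run on the generated `libvirtd.policy`, and edits only take effect after a rebuild and install. I would reword the NOTE along the lines of `NOTE: This is a template; validate the generated libvirtd.policy with polkit-policy-file-validate(1).` The comment above `org.libvirt.unix.manage` also says only a program in the active host session can manage, while `allow_any` and `allow_inactive` are `auth_admin`. It would be more accurate to say every caller needs admin authentication and only the active session gets the value substituted for `@authaction@`.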