On Sun, Oct 14, 2012 at 07:44:44PM -0400, Cole Robinson wrote:
> On 10/13/2012 05:31 AM, Richard W.M. Jones wrote:
>
> >
> > Does libvirt (or policy kit?) provide any mechanism for caching these
> > credentials within the same process, so that we don't have to provide
> > the same creds back to libvirt for multiple connections?
> >
>
> Yeah, that's the 'keep' in 'auth_admin_keep' in libvirt's policykit rules:
>
> http://libvirt.org/git/?p=libvirt.git;a=blob;f=daemon/libvirtd.policy.in
>
> But libvirt only enables it for local, active sessions, which doesn't include
> SSH logins for example. libvirt should s/auth_admin/auth_admin_keep/g
So if I understand correctly, how about this patch?
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
virt-top is 'top' for virtual machines. Tiny program with many
powerful monitoring features, net stats, disk stats, logging, etc.
http://et.redhat.com/~rjones/virt-top
From 9eea45e80ad80283f1a89f792bcf0c174818f4a2 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@xxxxxxxxxx>
Date: Mon, 15 Oct 2012 09:01:13 +0100
Subject: [PATCH] daemon: Make the default PolicyKit policy auth_admin_keep.
---
daemon/libvirtd.policy.in | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/daemon/libvirtd.policy.in b/daemon/libvirtd.policy.in
index 000c17e..df42e5f 100644
--- a/daemon/libvirtd.policy.in
+++ b/daemon/libvirtd.policy.in
@@ -31,8 +31,8 @@ version 2. See COPYING for details.
<defaults>
<!-- Any program can use libvirt in read/write mode if they
provide the root password -->
- <allow_any>auth_admin</allow_any>
- <allow_inactive>auth_admin</allow_inactive>
+ <allow_any>@authaction@</allow_any>
+ <allow_inactive>@authaction@</allow_inactive>
<allow_active>@authaction@</allow_active>
</defaults>
</action>
--
1.7.11.4
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list