On Thu, Nov 01, 2012 at 02:41:09PM +0000, Daniel P. Berrange wrote: > On Thu, Nov 01, 2012 at 01:20:18PM +0000, Richard W.M. Jones wrote: > > > > Reposted at Cole's request. Previous discussion here: > > https://www.redhat.com/archives/libvir-list/2012-October/thread.html#00682 > > > > Rich. > > > > -- > > Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones > > Read my programming blog: http://rwmj.wordpress.com > > Fedora now supports 80 OCaml packages (the OPEN alternative to F#) > > http://cocan.org/getting_started_with_ocaml_on_red_hat_and_fedora > > > From 91b1c69f9f1e300be0ac577339c248611e2abc70 Mon Sep 17 00:00:00 2001 > > From: "Richard W.M. Jones" <rjones@xxxxxxxxxx> > > Date: Mon, 15 Oct 2012 09:01:13 +0100 > > Subject: [PATCH] daemon: Make the default PolicyKit policy auth_admin_keep. > > > > --- > > daemon/libvirtd.policy.in | 4 ++-- > > 1 file changed, 2 insertions(+), 2 deletions(-) > > > > diff --git a/daemon/libvirtd.policy.in b/daemon/libvirtd.policy.in > > index 2ec7716..de1aba4 100644 > > --- a/daemon/libvirtd.policy.in > > +++ b/daemon/libvirtd.policy.in > > @@ -43,8 +43,8 @@ License along with this library. If not, see > > <defaults> > > <!-- Any program can use libvirt in read/write mode if they > > provide the root password --> > > - <allow_any>auth_admin</allow_any> > > - <allow_inactive>auth_admin</allow_inactive> > > + <allow_any>@authaction@</allow_any> > > + <allow_inactive>@authaction@</allow_inactive> > > <allow_active>@authaction@</allow_active> > > </defaults> > > </action> > > ACK I talked with David Z. Based on the way libvirt uses policykit, this > change will not adversely impact security. Thanks, I have pushed this. Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones libguestfs lets you edit virtual machines. Supports shell scripting, bindings from many languages. http://libguestfs.org -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list