Re: [PATCH repost] daemon: Make the default PolicyKit policy auth_admin_keep.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Nov 01, 2012 at 02:41:09PM +0000, Daniel P. Berrange wrote:
> On Thu, Nov 01, 2012 at 01:20:18PM +0000, Richard W.M. Jones wrote:
> > 
> > Reposted at Cole's request.  Previous discussion here:
> > https://www.redhat.com/archives/libvir-list/2012-October/thread.html#00682
> > 
> > Rich.
> > 
> > -- 
> > Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
> > Read my programming blog: http://rwmj.wordpress.com
> > Fedora now supports 80 OCaml packages (the OPEN alternative to F#)
> > http://cocan.org/getting_started_with_ocaml_on_red_hat_and_fedora
> 
> > From 91b1c69f9f1e300be0ac577339c248611e2abc70 Mon Sep 17 00:00:00 2001
> > From: "Richard W.M. Jones" <rjones@xxxxxxxxxx>
> > Date: Mon, 15 Oct 2012 09:01:13 +0100
> > Subject: [PATCH] daemon: Make the default PolicyKit policy auth_admin_keep.
> > 
> > ---
> >  daemon/libvirtd.policy.in | 4 ++--
> >  1 file changed, 2 insertions(+), 2 deletions(-)
> > 
> > diff --git a/daemon/libvirtd.policy.in b/daemon/libvirtd.policy.in
> > index 2ec7716..de1aba4 100644
> > --- a/daemon/libvirtd.policy.in
> > +++ b/daemon/libvirtd.policy.in
> > @@ -43,8 +43,8 @@ License along with this library.  If not, see
> >        <defaults>
> >          <!-- Any program can use libvirt in read/write mode if they
> >               provide the root password -->
> > -        <allow_any>auth_admin</allow_any>
> > -        <allow_inactive>auth_admin</allow_inactive>
> > +        <allow_any>@authaction@</allow_any>
> > +        <allow_inactive>@authaction@</allow_inactive>
> >          <allow_active>@authaction@</allow_active>
> >        </defaults>
> >      </action>
> 
> ACK I talked with David Z. Based on the way libvirt uses policykit, this
> change will not adversely impact security.

Thanks, I have pushed this.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
libguestfs lets you edit virtual machines.  Supports shell scripting,
bindings from many languages.  http://libguestfs.org

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list


[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]