On Thu, Jan 10, 2013 at 03:12:18AM +0200, Zeeshan Ali (Khattak) wrote: > Hi, > Once again, I'll be lazy and just copy&paste an IRC conversation but > please don't hesitate to ask if something needs clarification: > > <zeenix> am i missing something or there is no way to 'upgrade' a > read-only connection to a normal one? > <eblake_out> zeenix: looks like you have to create a new connection if > you want new privileges > <eblake_out> although you may want to float it by the list to see if a > new API for upgrading an existing connection makes sense > <eblake_out> especially in light of danpb's work-in-progress on adding > fine-grained ACLs > <zeenix> ah ok > <zeenix> eblake_out: we'd like to connect to system libvirt as well by > default in boxes > <zeenix> but would be nice to avoid the polkit dialog until we really > need full-access Really the concept of separate read-only vs read-write connections is completely flawed. In a world where you have proper access control on individual APIs, you'd just have a single connection you let anyone connect to, and then do the checks at API call time which would trigger auth as required Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list