On Thu, Jan 10, 2013 at 12:14 PM, Daniel P. Berrange <berrange@xxxxxxxxxx> wrote: > On Thu, Jan 10, 2013 at 03:12:18AM +0200, Zeeshan Ali (Khattak) wrote: >> Hi, >> Once again, I'll be lazy and just copy&paste an IRC conversation but >> please don't hesitate to ask if something needs clarification: >> >> <zeenix> am i missing something or there is no way to 'upgrade' a >> read-only connection to a normal one? >> <eblake_out> zeenix: looks like you have to create a new connection if >> you want new privileges >> <eblake_out> although you may want to float it by the list to see if a >> new API for upgrading an existing connection makes sense >> <eblake_out> especially in light of danpb's work-in-progress on adding >> fine-grained ACLs >> <zeenix> ah ok >> <zeenix> eblake_out: we'd like to connect to system libvirt as well by >> default in boxes >> <zeenix> but would be nice to avoid the polkit dialog until we really >> need full-access > > Really the concept of separate read-only vs read-write connections is > completely flawed. In a world where you have proper access control on > individual APIs, you'd just have a single connection you let anyone > connect to, and then do the checks at API call time which would trigger > auth as required Sounds reasonable. For the moment, I'll try to simulate the "upgrade" in Boxes that from an end-user's perspective will work the same way as you described above. -- Regards, Zeeshan Ali (Khattak) FSF member#5124 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list