On Tue, Jun 11, 2013 at 17:11:12 -0400, Cole Robinson wrote:
> There's a bug report filed against Fedora libvirt requesting a polkit rule be
> installed that grants read/write libvirt access to all users in the 'qemu' group:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=957300
>
> I'm inclined to agree with the reporter, and time has shown that many users
> install custom polkit rules to grant their user passwordless access to libvirt
> so this would definitely fill a need.
>
> I'm sure there's plenty to consider here since we are talking about security.
> Thoughts?

I don't know if it's a generally good idea or not, being a polkit illiterate;
however, I know for sure it should not be allowed for the 'qemu' group. We certainly
don't want QEMU (run as qemu:qemu) to be able to mess with libvirt. That said,
we should create a dedicated 'libvirt' group in case we implement the
requested polkit rule.

Jirka

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list