Good noon,

On 09/22/2010 02:25 PM, Justin Clift wrote:
> On 09/22/2010 07:33 PM, Zdenek Styblik wrote:
>> I was thinking about writing info for Slackware, because you've asked.
>> But I came to realize the page is written in such general way, it's
>> simply applicable to other distributions without any big troubles which
>> should be worth of writing up.
>
> Hmmmm, how does Slackware do the access control for the libvirt
> management socket?
>
> Any idea if it's using PolicyKit, or if it's using groups?
>

I've managed to create ACL by groups and it's working. However, to my
surprise, there is Slackware package for PolicyKit. Yet, I have never
used it nor tested it (I could though?).

> Asking because if it's using one of those two, then it's extremely
> easy to add a new "Slackware" head and point people to the right bit.
>

Probably both or it depends on whether PolicyKit is installed or not.
(T.B.D.?)
Group ACL works for sure.

>
>> At least that's my opinion. Of course it
>> doesn't mean there can't be pitfalls in other distributions.
>
> Yeah. I'm kind of thinking that if we know how Slackware does it,
> we should probably mention it.
>
> That'll help people using things like (ie) Google, when they do
> keyword searches for "+Libvirt +Slackware +access". Without a mention
> of Slackware on the pages, search engines won't show it in the result
> list. :(
>
> Plus... having more distributions on there helps to show off how
> cross-distribution libvirt is. :)
>

Indeed :)

[...]

>> One thing though and that's access to virtual storage. Isn't there a
>> problem with group libvirt not having ACL to manipulate images as they
>> are created with root:root ownership? I'm aware of
>> <permissions>...</permissions>, but so far I haven't been successful to
>> make it work (= ownership stayed as root:root no matter what; version
>> 0.8.4).
>
> Hmmm, interesting thought. It's not an area I've looked at from the
> perspective of access by non-root users.
>
> Yeah, I should investigate that to ensure there aren't any pitfalls there.
>
> Good thinking Zdenek. :)
>

First things first. I've messed up version number - 0.8.3 (0.8.4 is
virt-manager, now at 0.8.5). So now, it's tested with libvirt-0.8.4 for
sure. This works. Non-root user - VM management, creating images, VNC.

Now, here comes part which is hard to describe.
qemu-kvm - running as libvirt - great!
libvirtd - running as root - bad?

I wanted to achieve something like that (= root-less qemu and libvirtd)
with 0.8.3, but it didn't work because libvirt/virt-manager claimed ACL
problem. I think it's time for re-test and eventual push into
"production" of mine :)

I'm not sure if this part made sense. Simply - it works as expected.

> Regards and best wishes,
>
> Justin Clift

Have a nice day,
Zdenek

-- 
Zdenek Styblik
Net/Linux admin
OS TurnovFree.net
email: stybla@xxxxxxxxxxxxxx
jabber: stybla@xxxxxxxxxxxxxxxxxxxxx