Re: [PATCH 6/6] examples: polkit: Grant 'domain.read-secure' for the example cases

On Mon, Feb 20, 2023 at 11:47:09AM +0100, Peter Krempa wrote: > The example gives the user authorized to work with the domain permission > to open the graphics socket. Since the graphics socket may be protected > with a password it makes sense to grant the user the > 'domain.read-secure' permission to fetch the password for the graphics > object. > > This also goes along with e.g. 'domain.send-input' and > 'domain.screenshot' as they'll allow the user to interact with the > domain even if they didn't have the password. The password isn't required, as you can use virDomainOpenGraphics to connect when its a local display, and that's allowed via the domain.open-graphics permission. virt-viewer at least will use