[PATCH 6/6] examples: polkit: Grant 'domain.read-secure' for the example cases

Monday, 20 February 2023

The example gives the user authorized to work with the domain permission
to open the graphics socket. Since the graphics socket may be protected
with a password it makes sense to grant the user the
'domain.read-secure' permission to fetch the password for the graphics
object.

This also goes along with e.g. 'domain.send-input' and
'domain.screenshot' as they'll allow the user to interact with the
domain even if they didn't have the password.

Signed-off-by: Peter Krempa <pkrempa(a)redhat.com&gt;
---
 examples/polkit/libvirt-acl.rules | 1 +
 1 file changed, 1 insertion(+)

diff --git a/examples/polkit/libvirt-acl.rules b/examples/polkit/libvirt-acl.rules
index dd6836599a..2edd9c5b8e 100644
--- a/examples/polkit/libvirt-acl.rules
+++ b/examples/polkit/libvirt-acl.rules
@@ -93,6 +93,7 @@ restrictedActions = [
     "domain.inject-nmi",
     "domain.open-device",
     "domain.open-graphics",
+    "domain.read-secure",
     "domain.pm-control",
     "domain.read",
     "domain.reset",
-- 
2.39.2


    

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

[PATCH 6/6] examples: polkit: Grant 'domain.read-secure' for the example cases