On Mon, Feb 20, 2023 at 11:47:09AM +0100, Peter Krempa wrote:
The example gives the user authorized to work with the domain permission
to open the graphics socket. Since the graphics socket may be protected
with a password it makes sense to grant the user the
'domain.read-secure' permission to fetch the password for the graphics
object.
This also goes along with e.g. 'domain.send-input' and
'domain.screenshot' as they'll allow the user to interact with the
domain even if they didn't have the password.
The password isn't required, as you can use virDomainOpenGraphics
to connect when it's a local display, and that's allowed via the
domain.open-graphics permission. virt-viewer at least will use
this API, but can't remember if virt-manager will. This also
bypasses any need to configure TLS certificates for VNC, or
do Kerberos auth if that's enabled.
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
---
examples/polkit/libvirt-acl.rules | 1 +
1 file changed, 1 insertion(+)
diff --git a/examples/polkit/libvirt-acl.rules b/examples/polkit/libvirt-acl.rules
index dd6836599a..2edd9c5b8e 100644
--- a/examples/polkit/libvirt-acl.rules
+++ b/examples/polkit/libvirt-acl.rules
@@ -93,6 +93,7 @@ restrictedActions = [
"domain.inject-nmi",
"domain.open-device",
"domain.open-graphics",
+ "domain.read-secure",
We don't allow the secret.read-secure parameter, and I don't
think we should allow this either.
"domain.pm-control",
"domain.read",
"domain.reset",
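Review bot: The added "domain.read-secure" entry in restrictedActions carries no comment in the rules file, and the commit message justifies it only by fetching the graphics password, while "domain.open-graphics" already sits on the list one line above it. Consider dropping the entry from the example, or, if it stays, putting a comment next to it that says it lets the restricted user read the graphics password, so that an admin copying this file grants it deliberately.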
--
2.39.2
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|