Guido Günther wrote:
On Tue, Apr 28, 2015 at 07:51:11PM -0400, Cole Robinson wrote:
Many users, who admin their own machines, want to be able to access system libvirtd via tools like virt-manager without having to enter a root password. Just google 'virt-manager without password' and you'll find many hits. I've read at least 5 blog posts over the years describing slightly different ways of achieving this goal.
Let's finally add official support for this.
Install a polkit-1 rules file granting password-less auth for any user in the new 'libvirt' group. Create the group on RPM install
https://bugzilla.redhat.com/show_bug.cgi?id=957300 --- daemon/50-libvirt.rules | 9 +++++++++ daemon/Makefile.am | 13 +++++++++++++ libvirt.spec.in | 15 +++++++++++++-- 3 files changed, 35 insertions(+), 2 deletions(-) create mode 100644 daemon/50-libvirt.rules
diff --git a/daemon/50-libvirt.rules b/daemon/50-libvirt.rules new file mode 100644 index 0000000..01a15fa --- /dev/null +++ b/daemon/50-libvirt.rules @@ -0,0 +1,9 @@ +// Allow any user in the 'libvirt' group to connect to system libvirtd +// without entering a password. + +polkit.addRule(function(action, subject) { + if (action.id == "org.libvirt.unix.manage" && + subject.isInGroup("libvirt")) { + return polkit.Result.YES; + } +});
That's what we're shipping in Debian since quiet some time:
https://anonscm.debian.org/cgit/pkg-libvirt/libvirt.git/tree/debian/polkit/6...
Heh, I recently accepted a similar change for openSUSE https://build.opensuse.org/package/view_file/Virtualization/libvirt/polkit-1... Regards, Jim