Re: [libvirt] PATCH: Misc changes to policykit policy file
On Wed, Jul 09, 2008 at 10:37:27AM +0100, Daniel P. Berrange wrote:
After discussions with policykit maintainers I've come to the
conclusion
that it is better for security if we default to 'auth_admin_keep_sesion'
instead of 'auth_self_keep_session'. ie prompt for the root password (ala
'su') instead of the user's password (ala 'sudo'). This is because
having
access to libvirtd gives you very significant power over the host machine.
Secondly, newer versions of policykit have imposed a naming constraint on
policy files, so when we install our policy it needs to be in a file called
org.libvirt.unix.policy, instead of just libvirt.policy. So there's a change
to the Makefile to support this.
Okay, sounds fine, +1
Daniel
--
Red Hat Virtualization group http://redhat.com/virtualization/
Daniel Veillard | virtualization library http://libvirt.org/
veillard(a)redhat.com | libxml GNOME XML XSLT toolkit http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/