Re: [libvirt-users] Libvirt access control drivers
On Wed, May 09, 2018 at 11:13:01AM +0300, Anastasiya Ruzhanskaya wrote:
I read this page https://libvirt.org/aclpolkit.html
And it is written :"At this point in time, the only attribute provided by
libvirt to identify the user invoking the operation is the PID of the
client program. This means that the polkit access control driver is only
useful if connections to libvirt are restricted to its UNIX domain socket."
You're mis-interpreted what that means. Libvirt provides the PID to polkit
(well actually pid + starttime), polkit uses this to identify the process
and determine its username and group membership, which is then used to
make access control decisions.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|