
Good noon,

On 09/22/2010 02:25 PM, Justin Clift wrote:
On 09/22/2010 07:33 PM, Zdenek Styblik wrote:
I was thinking about writing info for Slackware, because you've asked. But I came to realize the page is written in such a general way that it's simply applicable to other distributions without any big troubles which should be worth writing up.
Hmmmm, how does Slackware do the access control for the libvirt management socket?
Any idea if it's using PolicyKit, or if it's using groups?
I've managed to create an ACL by groups and it's working. However, to my surprise, there is a Slackware package for PolicyKit. Yet, I have never used it nor tested it (I could though?).
Asking because if it's using one of those two, then it's extremely easy to add a new "Slackware" head and point people to the right bit.
Probably both or it depends on whether PolicyKit is installed or not. (T.B.D.?) Group ACL works for sure.
At least that's my opinion. Of course it doesn't mean there can't be pitfalls in other distributions.
Yeah. I'm kind of thinking that if we know how Slackware does it, we should probably mention it.
That'll help people using things like (ie) Google, when they do keyword searches for "+Libvirt +Slackware +access". Without a mention of Slackware on the pages, search engines won't show it in the result list. :(
Plus... having more distributions on there helps to show off how cross-distribution libvirt is. :)
Indeed :) [...]
One thing though, and that's access to virtual storage. Isn't there a problem with group libvirt not having ACL to manipulate images, as they are created with root:root ownership? I'm aware of <permissions>...</permissions>, but so far I haven't been successful in making it work (= ownership stayed as root:root no matter what; version 0.8.4).
Hmmm, interesting thought. It's not an area I've looked at from the perspective of access by non-root users.
Yeah, I should investigate that to ensure there aren't any pitfalls there.
Good thinking Zdenek. :)
First things first. I've messed up the version number - 0.8.3 (0.8.4 is virt-manager, now at 0.8.5). So now, it's tested with libvirt-0.8.4 for sure.

This works. Non-root user - VM management, creating images, VNC.

Now, here comes the part which is hard to describe.
qemu-kvm - running as libvirt - great!
libvirtd - running as root - bad?

I wanted to achieve something like that (= root-less qemu and libvirtd) with 0.8.3, but it didn't work because libvirt/virt-manager claimed ACL problem. I think it's time for re-test and eventual push into "production" of mine :)

I'm not sure if this part made sense. Simply - it works as expected.
Regards and best wishes,
Justin Clift
Have a nice day,
Zdenek

--
Zdenek Styblik
Net/Linux admin
OS TurnovFree.net
email: stybla@turnovfree.net
jabber: stybla@jabber.turnovfree.net