On Sat, Oct 11, 2014 at 06:59:01PM +0200, Michael Biebl wrote: > Am 11.10.2014 um 18:30 schrieb Guido Günther: > > Hi Michael, > > On Sat, Oct 11, 2014 at 04:26:57PM +0200, Michael Biebl wrote: > >> Package: libvirt-daemon-system > >> Version: 1.2.9-2 > >> Severity: normal > >> > >> Hi, > >> > >> package provided policykit rules files are supposed to go to > >> /usr/share/polkit-1/rules.d/. > >> /etc/polkit-1/rules.d/ is reserved for local changes by the admin. > >> > >> Please consider moving the file. > > > > I do wonder why 40sudo and 50default is in there then? Are these bugs > > too? > > Yeah, probably. > > > The idea was to make it simple to get rid of the libvirt group having > > access to the socket by removing the file. > > Afaics, the mechanism to grant users access to the socket, is > "adduser <user> libvirt". So it seems more natural to simply remove > users from the group again instead of removing the policy alltogether. > > That said, if the intention is to disable this rule, you can simply do a > "touch /etc/polkit-1/rules.d/60-libvirt.rules". This will override the > system provided rules file.
But this wouldn't get carried over e.g. renaming the file while in /etc/ we'd have the maintscript helper but I agree that we shouldn't do things different than other polkit using packages here. Thanks for the explanation, -- Guido > The idea behind moving default configuration data to /usr is to make > stateless systems possible. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org