Federico Simoncelli has posted comments on this change.
Change subject: Add PolicyKit support to access libvirt
......................................................................
Patch Set 1: (1 inline comment)
> wouldn't it let local admin in by default? Do we want that?
Let's discuss it. I'm not very happy to modify the libvirt configuration
(several changes) and add a password just to lock out the user.
When on the other hand we can ditch the burden to maintain the libvirtd.conf
and also avoid to confuse the user.
(I know anything could mess with the vm's but "UNIX was not designed to
stop its users from doing stupid things, as that would also stop them from
doing clever things" :-).
Anyway I'm all for keeping it downstream though, where the sysadmin
(ovirt-engine) will have a tool to run (vdsm-tool libvirt-reconfigure?)
to accomplish that.
> I suppose auth_unix_rw should be set to "polkit" if we take this patch.
No, that's the default already.
....................................................
File vdsm.spec.in
Line 4: %global _polkit_path
%{_localstatedir}/lib/polkit-1/localauthority/10-vendor.d
that's taken exactly from the polkit package. it's /var/lib though.
--
To view, visit http://gerrit.ovirt.org/322
To unsubscribe, visit http://gerrit.ovirt.org/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: Ia781accc36d9d9a8e6b49099dc5126aa557831a3
Gerrit-PatchSet: 1
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Federico Simoncelli <[email protected]>
Gerrit-Reviewer: Dan Kenigsberg <[email protected]>
Gerrit-Reviewer: Federico Simoncelli <[email protected]>
_______________________________________________
vdsm-patches mailing list
[email protected]
https://fedorahosted.org/mailman/listinfo/vdsm-patches
