libvirt/daemon/libvirtd.policy-1

<!DOCTYPE policyconfig PUBLIC
 "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">

<!--
Policy definitions for libvirt daemon

Copyright (c) 2007 Daniel P. Berrange <berrange redhat com>

libvirt is licensed to you under the GNU Lesser General Public License
version 2. See COPYING for details.

NOTE: If you make changes to this file, make sure to validate the file
using the polkit-policy-file-validate(1) tool. Changes made to this
file are instantly applied.
-->

<policyconfig>
    <action id="org.libvirt.unix.monitor">
      <description>Monitor local virtualized systems</description>
      <message>System policy prevents monitoring of local virtualized systems</message>
      <defaults>
        <!-- Any program can use libvirt in read-only mode for monitoring,
             even if not part of a session -->
        <allow_any>yes</allow_any>
        <allow_inactive>yes</allow_inactive>
        <allow_active>yes</allow_active>
      </defaults>
    </action>

    <action id="org.libvirt.unix.manage">
      <description>Manage local virtualized systems</description>
      <message>System policy prevents management of local virtualized systems</message>
      <defaults>
        <!-- Only a program in the active host session can use libvirt in
             read-write mode for management, and we require user password -->
        <allow_any>no</allow_any>
        <allow_inactive>no</allow_inactive>
        <allow_active>auth_admin_keep</allow_active>
      </defaults>
    </action>
</policyconfig>
Added PolicyKit authentication support 2007-12-05 18:21:27 +00:00			`<!DOCTYPE policyconfig PUBLIC`
			`"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"`
			`"http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">`

			`<!--`
			`Policy definitions for libvirt daemon`

			`Copyright (c) 2007 Daniel P. Berrange <berrange redhat com>`

			`libvirt is licensed to you under the GNU Lesser General Public License`
			`version 2. See COPYING for details.`

			`NOTE: If you make changes to this file, make sure to validate the file`
			`using the polkit-policy-file-validate(1) tool. Changes made to this`
			`file are instantly applied.`
			`-->`

			`<policyconfig>`
			`<action id="org.libvirt.unix.monitor">`
			`<description>Monitor local virtualized systems</description>`
			`<message>System policy prevents monitoring of local virtualized systems</message>`
			`<defaults>`
			`<!-- Any program can use libvirt in read-only mode for monitoring,`
			`even if not part of a session -->`
			`<allow_any>yes</allow_any>`
			`<allow_inactive>yes</allow_inactive>`
			`<allow_active>yes</allow_active>`
			`</defaults>`
			`</action>`

			`<action id="org.libvirt.unix.manage">`
			`<description>Manage local virtualized systems</description>`
			`<message>System policy prevents management of local virtualized systems</message>`
			`<defaults>`
			`<!-- Only a program in the active host session can use libvirt in`
			`read-write mode for management, and we require user password -->`
			`<allow_any>no</allow_any>`
			`<allow_inactive>no</allow_inactive>`
Support new PolicyKit 1.0 API * configure.in: Check for pkcheck which indicates new policykit * qemud/Makefile.am: Install different versions of policy * qemud/libvirtd.policy: Rename to libvirtd.policy-0 * qemud/libvirtd.policy-1: new style policy * qemud/qemud.c, qemud/qemud.h, qemud/remote.c: Support new policykit API via external pkcheck helper * src/remote_internal.c: Don't prompt for polkit auth with new policykit API * libvirt.spec.in: deal with new policy install locations & deps 2009-08-06 12:54:08 +00:00			`<allow_active>auth_admin_keep</allow_active>`
Added PolicyKit authentication support 2007-12-05 18:21:27 +00:00			`</defaults>`
			`</action>`
Default to admin auth for polkit. Rename policy file 2008-07-11 09:51:25 +00:00			`</policyconfig>`