libvirt/daemon/libvirtd.policy.in

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policyconfig PUBLIC
 "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">

<!--
Policy definitions for libvirt daemon

Copyright (C) 2012 Red Hat, Inc.
Copyright (C) 2007 Daniel P. Berrange <berrange redhat com>

This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.

This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
Lesser General Public License for more details.

You should have received a copy of the GNU Lesser General Public
License along with this library.  If not, see
<http://www.gnu.org/licenses/>.
-->

<policyconfig>
    <action id="org.libvirt.unix.monitor">
      <description>Monitor local virtualized systems</description>
      <message>System policy prevents monitoring of local virtualized systems</message>
      <defaults>
        <!-- Any program can use libvirt in read-only mode for monitoring,
             even if not part of a session -->
        <allow_any>yes</allow_any>
        <allow_inactive>yes</allow_inactive>
        <allow_active>yes</allow_active>
      </defaults>
    </action>

    <action id="org.libvirt.unix.manage">
      <description>Manage local virtualized systems</description>
      <message>System policy prevents management of local virtualized systems</message>
      <defaults>
        <!-- Any program can use libvirt in read/write mode if they
             provide the root password -->
        <allow_any>@authaction@</allow_any>
        <allow_inactive>@authaction@</allow_inactive>
        <allow_active>@authaction@</allow_active>
      </defaults>
    </action>
</policyconfig>
Tweak comments in the policykit rules file - Add the XML header so vim gives us syntax highlighting - polkit-policy-file-validate hasn't existed for 3 years - Permissions comment was not accurate 2012-10-12 15:56:17 +00:00			`<?xml version="1.0" encoding="UTF-8"?>`
Added PolicyKit authentication support 2007-12-05 18:21:27 +00:00			`<!DOCTYPE policyconfig PUBLIC`
			`"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"`
			`"http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">`

			`<!--`
			`Policy definitions for libvirt daemon`

maint: fix license on polkit script As approved here: https://www.redhat.com/archives/libvir-list/2012-October/msg00701.html * daemon/libvirtd.policy.in: Use LGPLv2+ license. 2012-10-15 20:09:05 +00:00			`Copyright (C) 2012 Red Hat, Inc.`
			`Copyright (C) 2007 Daniel P. Berrange <berrange redhat com>`
Added PolicyKit authentication support 2007-12-05 18:21:27 +00:00
maint: fix license on polkit script As approved here: https://www.redhat.com/archives/libvir-list/2012-October/msg00701.html * daemon/libvirtd.policy.in: Use LGPLv2+ license. 2012-10-15 20:09:05 +00:00			`This library is free software; you can redistribute it and/or`
			`modify it under the terms of the GNU Lesser General Public`
			`License as published by the Free Software Foundation; either`
			`version 2.1 of the License, or (at your option) any later version.`

			`This library is distributed in the hope that it will be useful,`
			`but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU`
			`Lesser General Public License for more details.`

			`You should have received a copy of the GNU Lesser General Public`
			`License along with this library. If not, see`
			`<http://www.gnu.org/licenses/>.`
Added PolicyKit authentication support 2007-12-05 18:21:27 +00:00			`-->`

			`<policyconfig>`
			`<action id="org.libvirt.unix.monitor">`
			`<description>Monitor local virtualized systems</description>`
			`<message>System policy prevents monitoring of local virtualized systems</message>`
			`<defaults>`
			`<!-- Any program can use libvirt in read-only mode for monitoring,`
			`even if not part of a session -->`
			`<allow_any>yes</allow_any>`
			`<allow_inactive>yes</allow_inactive>`
			`<allow_active>yes</allow_active>`
			`</defaults>`
			`</action>`

			`<action id="org.libvirt.unix.manage">`
			`<description>Manage local virtualized systems</description>`
			`<message>System policy prevents management of local virtualized systems</message>`
			`<defaults>`
Tweak comments in the policykit rules file - Add the XML header so vim gives us syntax highlighting - polkit-policy-file-validate hasn't existed for 3 years - Permissions comment was not accurate 2012-10-12 15:56:17 +00:00			`<!-- Any program can use libvirt in read/write mode if they`
			`provide the root password -->`
daemon: Make the default PolicyKit policy auth_admin_keep. 2012-10-15 08:01:13 +00:00			`<allow_any>@authaction@</allow_any>`
			`<allow_inactive>@authaction@</allow_inactive>`
Only keep one polkit rules file Just tweak it at build time depending on what polkit version we are building for. 2012-10-12 14:51:48 +00:00			`<allow_active>@authaction@</allow_active>`
Added PolicyKit authentication support 2007-12-05 18:21:27 +00:00			`</defaults>`
			`</action>`
Default to admin auth for polkit. Rename policy file 2008-07-11 09:51:25 +00:00			`</policyconfig>`