<!DOCTYPE policyconfig PUBLIC "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN" "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd"> <!-- Policy definitions for libvirt daemon Copyright (c) 2007 Daniel P. Berrange <berrange redhat com> libvirt is licensed to you under the GNU Lesser General Public License version 2. See COPYING for details. NOTE: If you make changes to this file, make sure to validate the file using the polkit-policy-file-validate(1) tool. Changes made to this file are instantly applied. --> <policyconfig> <action id="org.libvirt.unix.monitor"> <description>Monitor local virtualized systems</description> <message>System policy prevents monitoring of local virtualized systems</message> <defaults> <!-- Any program can use libvirt in read-only mode for monitoring, even if not part of a session --> <allow_any>yes</allow_any> <allow_inactive>yes</allow_inactive> <allow_active>yes</allow_active> </defaults> </action> <action id="org.libvirt.unix.manage"> <description>Manage local virtualized systems</description> <message>System policy prevents management of local virtualized systems</message> <defaults> <!-- Only a program in the active host session can use libvirt in read-write mode for management, and we require user password --> <allow_any>no</allow_any> <allow_inactive>no</allow_inactive> <allow_active>auth_admin_keep_session</allow_active> </defaults> </action> </policyconfig>