mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-25 15:15:25 +00:00
8e06c8b3da
* configure.in: Check for pkcheck which indicates new policykit * qemud/Makefile.am: Install different versions of policy * qemud/libvirtd.policy: Rename to libvirtd.policy-0 * qemud/libvirtd.policy-1: new style policy * qemud/qemud.c, qemud/qemud.h, qemud/remote.c: Support new policykit API via external pkcheck helper * src/remote_internal.c: Don't prompt for polkit auth with new policykit API * libvirt.spec.in: deal with new policy install locations & deps
43 lines
1.6 KiB
Plaintext
43 lines
1.6 KiB
Plaintext
<!DOCTYPE policyconfig PUBLIC
|
|
"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
|
|
"http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
|
|
|
|
<!--
|
|
Policy definitions for libvirt daemon
|
|
|
|
Copyright (c) 2007 Daniel P. Berrange <berrange redhat com>
|
|
|
|
libvirt is licensed to you under the GNU Lesser General Public License
|
|
version 2. See COPYING for details.
|
|
|
|
NOTE: If you make changes to this file, make sure to validate the file
|
|
using the polkit-policy-file-validate(1) tool. Changes made to this
|
|
file are instantly applied.
|
|
-->
|
|
|
|
<policyconfig>
|
|
<action id="org.libvirt.unix.monitor">
|
|
<description>Monitor local virtualized systems</description>
|
|
<message>System policy prevents monitoring of local virtualized systems</message>
|
|
<defaults>
|
|
<!-- Any program can use libvirt in read-only mode for monitoring,
|
|
even if not part of a session -->
|
|
<allow_any>yes</allow_any>
|
|
<allow_inactive>yes</allow_inactive>
|
|
<allow_active>yes</allow_active>
|
|
</defaults>
|
|
</action>
|
|
|
|
<action id="org.libvirt.unix.manage">
|
|
<description>Manage local virtualized systems</description>
|
|
<message>System policy prevents management of local virtualized systems</message>
|
|
<defaults>
|
|
<!-- Only a program in the active host session can use libvirt in
|
|
read-write mode for management, and we require user password -->
|
|
<allow_any>no</allow_any>
|
|
<allow_inactive>no</allow_inactive>
|
|
<allow_active>auth_admin_keep_session</allow_active>
|
|
</defaults>
|
|
</action>
|
|
</policyconfig>
|