Bug 610822

Summary: DOCS: on www.libvirt.org about using PolicyKit authentication for libvirt is out of date
Product: [Community] Virtualization Tools Reporter: Frank Danapfel <fdanapfe>
Component: libvirtAssignee: Daniel Veillard <veillard>
Status: CLOSED UPSTREAM QA Contact:
Severity: medium Docs Contact:
Priority: low    
Version: unspecifiedCC: berrange, clalance, crobinso, itamar, jclift, jforbes, veillard, virt-maint, xen-maint
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-09-21 16:58:15 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Patch to update the documentation none

Description Frank Danapfel 2010-07-02 14:10:41 UTC 
Description of problem:
The documentation at http://www.libvirt.org/auth.html in the section "Unix socket PolicyKit auth does not work anymore with the newer PolicyKit releases that are shiped with Fedora 12 and newer.

Version-Release number of selected component (if applicable):
libvirt-0.7.1-16.fc12.x86_64
polkit-0.95-2.fc12.x86_64

How reproducible:
always

Steps to Reproduce:
1. try to edit /etc/PolicyKit/PolicyKit.conf as instructed on http://www.libvirt.org/auth.html
  
Actual results:

Expected results:
 
Additional info:
With newer PolicyKit releases users have to add a file /var/lib/polkit-1/localauthority/50-local.d/libvirt.pkla and put the appropriate config in it to modify the default policy. Here's an example libvirt.pkla that gives user "fred" the right to manage libvirt without being prompted for a password:

[Local virt-manager Permissions]
Identity=unix-user:fred
Action=org.libvirt.unix.*
ResultAny=no
ResultInactive=no
ResultActive=yes
Comment 1 Patrick Dignan 2010-08-12 19:16:42 UTC 
Created attachment 438512 [details]
Patch to update the documentation

Here's a patch to update the documentation appropriately.
Comment 2 Justin Clift 2010-09-21 16:58:15 UTC 
This issue has been resolved upstream, with the results now live.

Patch:

  http://libvirt.org/git/?p=libvirt.git;a=commit;h=df1718cc7366296be4ab71c830cc2b93e505ceec

Results:

  http://www.libvirt.org/auth.html#ACL_server_polkit


As an additional thought if it's useful, there's more info on PolicyKit usage with libvirt here too:

  http://wiki.libvirt.org/page/SSHPolicyKitSetup