Red Hat Bugzilla – Bug 592093
Unauthenticated user can delete/create connection
Last modified: 2010-05-13 17:36:00 EDT
Description of problem:
If the user slides the authentication window out of the way, they can add or delete connections.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Start virt-manager
2. Move authentication window out of the way
3. Right click on kvm connection and select delete
4. Click on the File | Add Connection menu item
5. Add a connection to a Xen system
Unauthenticated user should not be able to do anything.
What is being authenticated is the actual libvirt communication channel, not virt-manager itself. You can cancel the polkit dialog and change virt-manager preferences at will, since they belong to the user running the app. Creating or deleting a connection just makes virt-manager forget about it; it doesn't have any effect on libvirt or VMs.