From patchwork Thu Feb 18 20:48:10 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Brice Waegeneire X-Patchwork-Id: 27135 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id 0FEA527BC49; Thu, 18 Feb 2021 20:49:27 +0000 (GMT) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-2.9 required=5.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,SPF_HELO_PASS autolearn=unavailable autolearn_force=no version=3.4.2 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id 3847827BC4A for ; Thu, 18 Feb 2021 20:49:25 +0000 (GMT) Received: from localhost ([::1]:46118 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lCqEk-0006s6-QF for patchwork@mira.cbaines.net; Thu, 18 Feb 2021 15:49:24 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:54448) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lCqER-0006rN-6k for guix-patches@gnu.org; Thu, 18 Feb 2021 15:49:03 -0500 Received: from debbugs.gnu.org ([209.51.188.43]:36653) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1lCqEQ-0007zp-Un for guix-patches@gnu.org; Thu, 18 Feb 2021 15:49:02 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1lCqEQ-00052c-TQ for guix-patches@gnu.org; Thu, 18 Feb 2021 15:49:02 -0500 X-Loop: help-debbugs@gnu.org Subject: [bug#46623] [PATCH 2/4] services: libvirt: Change unix-sock-group default. Resent-From: Brice Waegeneire Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Thu, 18 Feb 2021 20:49:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 46623 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 46623@debbugs.gnu.org Received: via spool by 46623-submit@debbugs.gnu.org id=B46623.161368130619302 (code B ref 46623); Thu, 18 Feb 2021 20:49:02 +0000 Received: (at 46623) by debbugs.gnu.org; 18 Feb 2021 20:48:26 +0000 Received: from localhost ([127.0.0.1]:48192 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lCqDq-00051B-7s for submit@debbugs.gnu.org; Thu, 18 Feb 2021 15:48:26 -0500 Received: from relay1-d.mail.gandi.net ([217.70.183.193]:60171) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lCqDn-00050b-RQ for 46623@debbugs.gnu.org; Thu, 18 Feb 2021 15:48:24 -0500 X-Originating-IP: 176.181.186.101 Received: from localhost (i15-les02-ntr-176-181-186-101.sfr.lns.abo.bbox.fr [176.181.186.101]) (Authenticated sender: brice@waegenei.re) by relay1-d.mail.gandi.net (Postfix) with ESMTPSA id 42D39240005 for <46623@debbugs.gnu.org>; Thu, 18 Feb 2021 20:48:16 +0000 (UTC) From: Brice Waegeneire Date: Thu, 18 Feb 2021 21:48:10 +0100 Message-Id: <20210218204812.21093-2-brice@waegenei.re> X-Mailer: git-send-email 2.30.1 In-Reply-To: <87zh015d48.fsf@waegenei.re> References: <87zh015d48.fsf@waegenei.re> MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: "Guix-patches" X-getmail-retrieved-from-mailbox: Patches When accessing libvrt remotely, polkit can't be used so unless using the root account it's better give access to the libvirt-sock to the libvirt group by default. * gnu/services/virtualization.scm (libvirt-configuration)[unix-sock-group]: Change default from "root" to "libvirt". --- gnu/services/virtualization.scm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gnu/services/virtualization.scm b/gnu/services/virtualization.scm index a45da14a80..afc47ff578 100644 --- a/gnu/services/virtualization.scm +++ b/gnu/services/virtualization.scm @@ -168,7 +168,7 @@ stopping the Avahi daemon.") "Default mDNS advertisement name. This must be unique on the immediate broadcast network.") (unix-sock-group - (string "root") + (string "libvirt") "UNIX domain socket group ownership. This can be used to allow a 'trusted' set of users access to management capabilities without becoming root.")