| Message ID | 20210620133940.17491-1-brice@waegenei.re |
|---|---|
| State | Accepted |
| Headers | show |
| Series | [bug#49134] services: libvirt: Change unix-sock-group default. | expand |
| Context | Check | Description |
|---|---|---|
| cbaines/comparison | success | View comparision |
| cbaines/git branch | success | View Git branch |
| cbaines/applying patch | success | View Laminar job |
| cbaines/issue | success | View issue |
Hi, Brice Waegeneire <brice@waegenei.re> skribis: > When accessing libvrtd remotely, polkit can't be used unless you are > logged as root. Instead allow libvirt groups member access to the > control socket. > > * gnu/services/virtualization.scm (libvirt-configuration) > [unix-sock-group]: Change default from "root" to "libvirt". LGTM! Ludo’.
Ludovic Courtès <ludo@gnu.org> writes: > Brice Waegeneire <brice@waegenei.re> skribis: > >> * gnu/services/virtualization.scm (libvirt-configuration) >> [unix-sock-group]: Change default from "root" to "libvirt". > > LGTM! Thank for the reviews Ludo’, pushed as 4dc17cd54e86dbd71d26b87138660d42e8f615a9.
diff --git a/gnu/services/virtualization.scm b/gnu/services/virtualization.scm index 36e9feb05c..126fa52279 100644 --- a/gnu/services/virtualization.scm +++ b/gnu/services/virtualization.scm @@ -168,7 +168,7 @@ stopping the Avahi daemon.") "Default mDNS advertisement name. This must be unique on the immediate broadcast network.") (unix-sock-group - (string "root") + (string "libvirt") "UNIX domain socket group ownership. This can be used to allow a 'trusted' set of users access to management capabilities without becoming root.")