Comments on: PolicyKit and libvirt integration http://berrange.com/posts/2008/01/11/policykit-and-libvirt-integration/ Writing about photography, open source software, virtualization & more Mon, 06 Feb 2012 00:00:50 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: davidz http://berrange.com/posts/2008/01/11/policykit-and-libvirt-integration/comment-page-1/#comment-32 davidz Fri, 11 Jan 2008 06:29:00 +0000 http://wordpress.berrange.com/?p=29#comment-32 Oh, and 0.7 is only available on Rawhide. And polkit-grant was renamed to polkit-auth. <br /><br />Also with 0.7 you can put additional stuff such as vendor, vendor_url and icon_name in the .policy file, see <a href="http://hal.freedesktop.org/docs/PolicyKit/polkit-conf.html#conf-declaring-actions" rel="nofollow">here</a>, and these are used in both the <a href="http://people.freedesktop.org/~david/polkit-icon-and-vendor.png" rel="nofollow">auth dialog</a> and the new <a href="http://people.freedesktop.org/~david/polkitg-auth-1.png" rel="nofollow">polkit-gnome-authorization</a> tool. Oh, and 0.7 is only available on Rawhide. And polkit-grant was renamed to polkit-auth.

Also with 0.7 you can put additional stuff such as vendor, vendor_url and icon_name in the .policy file, see here, and these are used in both the auth dialog and the new polkit-gnome-authorization tool.

]]> By: davidz http://berrange.com/posts/2008/01/11/policykit-and-libvirt-integration/comment-page-1/#comment-33 davidz Fri, 11 Jan 2008 06:24:00 +0000 http://wordpress.berrange.com/?p=29#comment-33 In 0.7 I've added some convenience API in form of the <a href="http://hal.freedesktop.org/docs/PolicyKit/polkit-polkit-simple.html#polkit-auth-obtain" rel="nofollow">polkit-auth-obtain()</a> function that virsh can use. <br /><br />It even brings up a UI dialog for the authentication if you are running X (if not, it spawns polkit-grant). In addition, it has the advantage that you don't need to retain the authorization for the session; you can choose to keep it only for the invocation of virsh.<br /><br />(I think this might even work for ssh logins (e.g. where we don't have XDG_SESSION_COOKIE); if it doesn't please let me know and I'll fix that.) In 0.7 I’ve added some convenience API in form of the polkit-auth-obtain() function that virsh can use.

It even brings up a UI dialog for the authentication if you are running X (if not, it spawns polkit-grant). In addition, it has the advantage that you don’t need to retain the authorization for the session; you can choose to keep it only for the invocation of virsh.

(I think this might even work for ssh logins (e.g. where we don’t have XDG_SESSION_COOKIE); if it doesn’t please let me know and I’ll fix that.)

]]> By: Jef Spaleta http://berrange.com/posts/2008/01/11/policykit-and-libvirt-integration/comment-page-1/#comment-34 Jef Spaleta Fri, 11 Jan 2008 06:13:00 +0000 http://wordpress.berrange.com/?p=29#comment-34 how do we know what which argument to give polkit-grant --gain ?<br />The authorization error message doesn't say 'org.libvirt.unix.manage' explicitly, nor does it indicate that polkit-grant is the correct avenue for corrective action. how do we know what which argument to give polkit-grant –gain ?
The authorization error message doesn’t say ‘org.libvirt.unix.manage’ explicitly, nor does it indicate that polkit-grant is the correct avenue for corrective action.

]]>