[PATCH] services: libvirt: Change unix-sock-group default.

  • Done
  • quality assurance status badge
Details
2 participants
  • Brice Waegeneire
  • Ludovic Courtès
Owner
unassigned
Submitted by
Brice Waegeneire
Severity
normal
B
B
Brice Waegeneire wrote on 20 Jun 2021 15:39
(address . guix-patches@gnu.org)
20210620133940.17491-1-brice@waegenei.re
When accessing libvrtd remotely, polkit can't be used unless you are
logged as root. Instead allow libvirt groups member access to the
control socket.

* gnu/services/virtualization.scm (libvirt-configuration)
[unix-sock-group]: Change default from "root" to "libvirt".
---
gnu/services/virtualization.scm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

Toggle diff (15 lines)
diff --git a/gnu/services/virtualization.scm b/gnu/services/virtualization.scm
index 36e9feb05c..126fa52279 100644
--- a/gnu/services/virtualization.scm
+++ b/gnu/services/virtualization.scm
@@ -168,7 +168,7 @@ stopping the Avahi daemon.")
"Default mDNS advertisement name. This must be unique on the
immediate broadcast network.")
(unix-sock-group
- (string "root")
+ (string "libvirt")
"UNIX domain socket group ownership. This can be used to
allow a 'trusted' set of users access to management capabilities
without becoming root.")
--
2.31.1
L
L
Ludovic Courtès wrote on 3 Sep 2021 18:09
(name . Brice Waegeneire)(address . brice@waegenei.re)(address . 49134@debbugs.gnu.org)
87ilzh1w08.fsf@gnu.org
Hi,

Brice Waegeneire <brice@waegenei.re> skribis:

Toggle quote (7 lines)
> When accessing libvrtd remotely, polkit can't be used unless you are
> logged as root. Instead allow libvirt groups member access to the
> control socket.
>
> * gnu/services/virtualization.scm (libvirt-configuration)
> [unix-sock-group]: Change default from "root" to "libvirt".

LGTM!

Ludo’.
B
B
Brice Waegeneire wrote on 4 Sep 2021 09:34
(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 49134-done@debbugs.gnu.org)
87eea4hjzo.fsf_-_@waegenei.re
Ludovic Courtès <ludo@gnu.org> writes:

Toggle quote (7 lines)
> Brice Waegeneire <brice@waegenei.re> skribis:
>
>> * gnu/services/virtualization.scm (libvirt-configuration)
>> [unix-sock-group]: Change default from "root" to "libvirt".
>
> LGTM!

Thank for the reviews Ludo’, pushed as 4dc17cd54e86dbd71d26b87138660d42e8f615a9.
Closed
?