[Pkg-libvirt-maintainers] Bug#768376: Bug#768376: Bug#768376: libvirt-daemon-system: Please downgrade policykit-1 dependency to recommends
Guido Günther
agx at sigxcpu.org
Fri Nov 7 12:00:03 UTC 2014
On Fri, Nov 07, 2014 at 11:01:30AM +0300, Reco wrote:
> On Fri, 7 Nov 2014 08:46:42 +0100
> Guido Günther <agx at sigxcpu.org> wrote:
>
> > Having polkit installed and doing nothing (for people switching to
> > socke based permission checks) is IMHO a better service to our users
> > than having all the bugs for people installing without recommends (and
> > there are many of those). Disabling polkit requires a bit of detailed
> > knowledge to not introduce security holes e.g. via the socket
> > activation file.
>
> I agree that libvirtd insists on using 'polkit' authentication by
> default. I disagree that there's special knowledge required for
> disabling 'polkit' correctly it as all that's really required is to
> uncomment unix_sock_group, unix_sock_ro_perms and unix_sock_rw_perms in
> libvirtd.conf (which has sane defaults for these), and to change
> auth_unix_ro and auth_unix_rw to none.
And what about /lib/systemd/system/libvirtd.socket ?
I'm happy to apply patches that improve the situation (either code
wise or documentation wise) but until the I'd rather not turn this
into a recommends.
Cheers,
-- Guido
More information about the Pkg-libvirt-maintainers
mailing list