On Fri, Nov 07, 2014 at 11:01:30AM +0300, Reco wrote: > On Fri, 7 Nov 2014 08:46:42 +0100 > Guido Günther <a...@sigxcpu.org> wrote: > > > Having polkit installed and doing nothing (for people switching to > > socke based permission checks) is IMHO a better service to our users > > than having all the bugs for people installing without recommends (and > > there are many of those). Disabling polkit requires a bit of detailed > > knowledge to not introduce security holes e.g. via the socket > > activation file. > > I agree that libvirtd insists on using 'polkit' authentication by > default. I disagree that there's special knowledge required for > disabling 'polkit' correctly it as all that's really required is to > uncomment unix_sock_group, unix_sock_ro_perms and unix_sock_rw_perms in > libvirtd.conf (which has sane defaults for these), and to change > auth_unix_ro and auth_unix_rw to none.
And what about /lib/systemd/system/libvirtd.socket ? I'm happy to apply patches that improve the situation (either code wise or documentation wise) but until the I'd rather not turn this into a recommends. Cheers, -- Guido -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
