Hi Reco, On Fri, Nov 07, 2014 at 06:49:43PM +0300, Reco wrote: > On Fri, 7 Nov 2014 13:00:03 +0100 > Guido Günther <a...@sigxcpu.org> wrote: > > > And what about /lib/systemd/system/libvirtd.socket ? > > A good point. That's something I missed due to not using systemd in > wheezy. > > > > I'm happy to apply patches that improve the situation (either code > > wise or documentation wise) but until the I'd rather not turn this > > into a recommends. > > Attaching a documentation patch for now. Should apply cleanly against > 1.2.9-3~bpo70+1 Debian source. I took the liberty of reusing your name > in the NEWS file as I don't intend to disclose mine. I also transfer > an authorship of this patch and all appropriate rights to the Debian > Libvirt Maintainers. > > Reco
> diff --git a/debian/libvirt-daemon.NEWS b/debian/libvirt-daemon.NEWS > index 59bdd40..d7a23ac 100644 > --- a/debian/libvirt-daemon.NEWS > +++ b/debian/libvirt-daemon.NEWS > @@ -1,3 +1,12 @@ > +libvirt (1.2.9-3~) unstable; urgency=low > + > + From this version upon libvirtd uses PolicyKit to protect own sockets at > + /var/run/libvirt by default. Reverting to the old behaviour (libvirtd's > + sockets are protected by filesystem's permissions) requires editing of > + /etc/libvirt/libvirtd.conf and overriding libvirtd.socket. > + > + -- Guido G??nther <a...@sigxcpu.org> Sun, 07 Dec 2014 18:45:55 +0100 > + Thanks for the path but we have this in libvirt-daemon-system.NEWS already - and that's the package that depends on systemd. We rather need an update to README.Debian of libvirt-daemon-system explaining how to _exactly_ configure socket based security. Cheers, -- Guido -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
