The Wiki has moved to new hardware, and the old server died.
Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision | Last revision Both sides next revision | ||
howtos:general_admin:kvm_libvirt [2014/01/02 13:34 (UTC)] fdonkers [libvirtd daemon] |
howtos:general_admin:kvm_libvirt [2014/01/02 13:34 (UTC)] fdonkers [PolicyKit setup] |
||
---|---|---|---|
Line 15: | Line 15: | ||
- | ==== PolicyKit setup ==== | ||
- | Libvirt is built by default with PolicyKit support. If you want to disable this, edit ''/etc/libvirt/libvirtd.conf''. Uncomment the following options and change them to ''none'' : | ||
- | <code> | ||
- | auth_unix_ro = "none" | ||
- | auth_unix_rw = "none" | ||
- | </code> | ||
- | |||
- | To use PolicyKit, a new file containing policy rules needs to be created in the ''/etc/polkit-1/localauthority/50-local.d'' directory. The file needs to start with a 2-digit number and have a ''pkla'' extension. For example: ''50-libvirt-authorization.pkla''. The following authorization can be issued: | ||
- | * Full management access: rule = org.libvirt.unix.manage. | ||
- | * Read-only, or monitoring access: rule = org.libvirt.unix.monitor. | ||
- | |||
- | Example to give management access to all users of a given group: | ||
- | <code> | ||
- | [libvirt Management Access] | ||
- | Identity=unix-group:libvirt | ||
- | Action=org.libvirt.unix.manage | ||
- | ResultAny=yes | ||
- | ResultInactive=yes | ||
- | ResultActive=yes | ||
- | </code> | ||
- | This allows all users of the ''libvirt'' group to manage virtual machines. The //libvirt Management Access// name is an arbitrary text you can change to fit your needs. | ||
- | |||
- | To allow access on a per-user basis, use the //Identity=unix-user// option : | ||
- | <code> | ||
- | [libvirt Management Access] | ||
- | Identity=unix-user:frank | ||
- | Action=org.libvirt.unix.manage | ||
- | ResultAny=yes | ||
- | ResultInactive=yes | ||
- | ResultActive=yes | ||
- | </code> | ||
- | This will grant user //frank// management access to libvirt. | ||
==== Automatic startup ==== | ==== Automatic startup ==== |