On Fri, 7 Nov 2014 13:00:03 +0100 Guido Günther <a...@sigxcpu.org> wrote:
> And what about /lib/systemd/system/libvirtd.socket ?

A good point. That's something I missed due to not using systemd in wheezy.

> I'm happy to apply patches that improve the situation (either code
> wise or documentation wise) but until then I'd rather not turn this
> into a recommends.

Attaching a documentation patch for now. Should apply cleanly against 1.2.9-3~bpo70+1 Debian source. I took the liberty of reusing your name in the NEWS file as I don't intend to disclose mine. I also transfer authorship of this patch and all appropriate rights to the Debian Libvirt Maintainers. Reco
diff --git a/debian/libvirt-daemon.NEWS b/debian/libvirt-daemon.NEWS index 59bdd40..d7a23ac 100644 --- a/debian/libvirt-daemon.NEWS +++ b/debian/libvirt-daemon.NEWS @@ -1,3 +1,12 @@ +libvirt (1.2.9-3~) unstable; urgency=low + + From this version upon libvirtd uses PolicyKit to protect own sockets at + /var/run/libvirt by default. Reverting to the old behaviour (libvirtd's + sockets are protected by filesystem's permissions) requires editing of + /etc/libvirt/libvirtd.conf and overriding libvirtd.socket. + + -- Guido Günther <a...@sigxcpu.org> Sun, 07 Dec 2014 18:45:55 +0100 + libvirt (1.1.4-2~) unstable; urgency=low If you're using cgroups make sure you're using a different mount per cgroup
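Review bot: The sentence on reverting in the new NEWS entry says only that it "requires editing of /etc/libvirt/libvirtd.conf and overriding libvirtd.socket", without naming the settings to change or what the socket unit override must contain, so an administrator reading it after an upgrade cannot act on it. Name the options and the override, or point to the file that documents them. Wording: "From this version upon" reads better as "As of this version", "protect own sockets" as "protect its sockets", and "filesystem's permissions" as "filesystem permissions". The trailer date (Sun, 07 Dec 2014) is a month later than the mail carrying the patch (Fri, 7 Nov 2014), and the entry is signed with the maintainer's name rather than the submitter's, so both the date and the attribution should be confirmed by the maintainer at upload time.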