Ok, excuse me for misunderstanding, how it is possible then to set up access control when I use remote connection to KVM ( not in UNIX domain)? Is there any way within libvirt, maybe based on authentication or certificates?
2018-05-09 11:14 GMT+03:00 Daniel P. Berrangé <berra...@redhat.com>: > On Wed, May 09, 2018 at 11:13:01AM +0300, Anastasiya Ruzhanskaya wrote: > > I read this page https://libvirt.org/aclpolkit.html > > And it is written :"At this point in time, the only attribute provided by > > libvirt to identify the user invoking the operation is the PID of the > > client program. This means that the polkit access control driver is only > > useful if connections to libvirt are restricted to its UNIX domain > socket." > > You're mis-interpreted what that means. Libvirt provides the PID to polkit > (well actually pid + starttime), polkit uses this to identify the process > and determine its username and group membership, which is then used to > make access control decisions. > > Regards, > Daniel > -- > |: https://berrange.com -o- https://www.flickr.com/photos/ > dberrange :| > |: https://libvirt.org -o- > https://fstop138.berrange.com :| > |: https://entangle-photo.org -o- https://www.instagram.com/ > dberrange :| >
_______________________________________________ libvirt-users mailing list libvirt-users@redhat.com https://www.redhat.com/mailman/listinfo/libvirt-users
