search for: policykit

...56:04.580: debug : virEventCalculateTimeout:344 : Timeout at 0 due in -1 ms 17:56:04.580: debug : virEventRunOnce:593 : Poll on 11 handles 0x7f35a4001240 timeout -1 I've already opened up the firewall for port 16509, and allowed the user foreman (member of libvirt_admin) to manage libvirt via PolicyKit Relevant line in iptables, 5 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:16509 /etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla ----------- [libvirt Remote Access] Identity=unix-group:libvirt_admin Action=org.libvirt.unix.manage ResultAny=yes Result...

...7 machines. I suspect that the trouble is related to polkitd and dbus I think that the following error message is a key clue, but I'm not sure how to continue troubleshooting it:. --------------------------begin log----------------------- Jul 15 10:00:27 localhost rtkit-daemon[1609]: Warning: PolicyKit call failed: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken. --------------------------end log----------------------- I can confirm tha...

...encies) to libvirt-1.2.10-3.el6.x86_64. it seems like with the older libvirt and virsh 0.10.2.8 the policy kit authority file would grant access to virsh to manage Dom0 and DomU just fine, but with the switch over to libvirt-1.2.10 (and virsh 1.2.10) something changed, and now not only does the policykit not work, but flags the ?DBus support? error above. running virsh with sudo, or as a privileged user, works just fine. but trying to run it as a non-privileged user, granting access through policy kit, fails. in reviewing the changelogs for libvirt it seems that a patch was applied in late 2014...

Hi, Libvirtd is in listen mode. /etc/libvirt/libvirtd.conf listen_tls = 0 listen_tcp = 1 auth_tcp = "sasl" my trying to setup polkit authentication using http://wiki.libvirt.org/page/SSHPolicyKitSetup [root at aopcach ~]# cat /etc/polkit-1/localauthority/50-local.d/50-org.arindam-libvirt-remote-access.pkla [Remote libvirt SSH access] Identity=unix-user:arindam Action=org.libvirt.unix.manage ResultAny=yes ResultInactive=yes ResultActive=yes but it fails with: [arindam at aopcach ~]$ virsh...

...fdt filecaps gtk iscsi jpeg lzo ncurses nls numa pin-upstream-blobs png python sdl seccomp smartcard ssh threads tls usb usbredir uuid vde vhost-net virtfs vnc xattr xfs libvirt: audit caps fuse iscsi libvirtd lvm lxc macvtap nls numa parted pcap policykit qemu udev vepa virt-network thanks for any tipps and hints. -- zbfmail - Mittendrin statt nur Datei!

...you'll have to > manually mount anything that's not in /etc/fstab. > > Sounds like gnome's trying to be WinDoze.... Its not ?autofs? specifically (which is a simple thing) but udev talking to udisks, allowing your login session to use udisks to mount the volumes if allowed by PolicyKit, speaking through dbus. Yeah. -- Jonathan Billings <billings at negate.org>

...s just assume local Unix accounts) on a Linux system, and I want them all to have access to KVM-accelerated virtualization. But, I don't want them to be able to meddle with each other's virtual machines. Is there a solution to this problem? Methods of attack that have occured to me: - Use PolicyKit to only allow a user to access qemu:///system VMs that are somehow marked as owned by that user - Run multiple libvirt qemu:///system daemons and restrict access to each on a per-user basis - Allow qemu:///session VMs to actually be KVM-accelerated (this seems like the best way to do it, but...

Hi list, I've installed C 7.1.1503 and I've noticed that simple user can run from bash shutdown -h now/reboot without getting special permission (sudo, su). The machine is a VM without GUI (tested also on physical machine). From reddit I've got a suggestion: removing/comment out "-session optional pam_systemd.so" in /etc/pam.d/system-auth the problem is solved. This is a

...t seem to "see" this dosdevices softlink, and I'm not sure why. Based on the many similar posts I found when searching with Google and with the forum search tool, I have formulated the following hypotheses: 1) perhaps I don't have permission to the device due to file permissions, policykit policy, and/or selinux. (I don't know how to deal with policykit, but I think I have ruled out selinux and device file permissions). 2) WINE requires an fstab entry for mountmgr to recognize a drive when it is mounted (?) (I have tried creating a permanent mount point at /mnt/dvd and an fstab...

As in the example code below. static void do_auth (guestfs_h *g, void *opaque, uint64_t event, int event_handle, int flags, const char *buf, size_t buf_len, const uint64_t *array, size_t array_len) { char **creds; size_t i; char *prompt; char *reply; size_t replylen; // buf will be the libvirt URI. It is always \0-terminated so

...rg-libXcomposite xorg-compositeproto xorg-libXext xorg-libXfixes xorg-fixesproto xorg-libXcomposite xorg-libXcursor xorg-libXcursor xorg-libXdamage xorg-damageproto xorg-libXi xorg-libXi xorg-libXinerama xorg-xineramaproto xorg-libXinerama xorg-libXrandr xorg-randrproto xorg-libXrandr orbit2 libidl policykit eggdbus gnome-mime-data gstreamer gzip texinfo gstreamer libtheora libvorbis libogg orc lcms mesa makedepend xorg-dri2proto xorg-glproto xorg-libXmu xorg-libXt xorg-libsm xorg-libice xorg-libsm xorg-libXxf86vm xorg-xf86vidmodeproto ---> Building python27 Error: Target org.macports.build returne...

...etherboot/pcnet32.zrom /usr/share/qemu/pxe-pcnet.bin +ln -snf ../etherboot/rtl8139.zrom /usr/share/qemu/pxe-rtl8139.bin +ln -snf ../etherboot/virtio-net.zrom /usr/share/qemu/pxe-virtio.bin + # Things we could probably remove if libvirt didn't link against them #RPMS="$RPMS avahi PolicyKit xen-libs" diff --git a/common-pkgs.ks b/common-pkgs.ks index 3c0f278..6f0af6e 100644 --- a/common-pkgs.ks +++ b/common-pkgs.ks @@ -70,3 +70,6 @@ isomd5sum irqbalance cpuspeed acpid +# workaround for gpxe issue with the virt-preview qemu on F11 host kernel +# https://bugzilla.redhat.com/sh...

Signed-off-by: Olaf Hering <olaf at aepfle.de> --- Switching from attach-method "appliance" to "libvirt" has surprising side effects, so show a hint how to resolve the "authentication failed" error from libvirt. Patch is not compile tested. src/libvirtdomain.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/libvirtdomain.c b/src/libvirtdomain.c

...loppy >> But, where do you insert this config, please? > This now sounds like a different problem to the subject matter, if > Samba is set up correctly, then the computer should always be able to > logon without problem (provided the network is working). ?! Probably in Ubuntu where policykit rule them all, but for other distro, also ubuntu-derivative like mint, still access to some devices is granted by group membership. So, yes, you login to the machine, but if you are NOT member of some group, you cannot do something... > Also the ' *; *; *; Al0000-2400; > plugdev,fuse,sc...

...s is useful because - ConsoleKit is evolving into a utmp/wtmp replacement so tracking users logging in via ssh is useful - We'll do the right thing on the GNOME Shutdown dialog and prompt when trying to shutdown and there are users logged in via ssh - It's the foundation for the PolicyKit authorization framework to grant authorizations to users that only apply when they are logged in from a well-known remote host. E.g. right now I'm working on adding support to PolicyKit for this so you can do things like polkit-auth --user bateman \ --grant org...

https://bugzilla.redhat.com/show_bug.cgi?id=889082

Dear Experts, "this is system from the hell!" Than was my first reaction when I realized that logged in with GUI (X11) user can turn off (and on) network interfaces. Without being in sudoers file. Wow, this is scary to see on workstations I manage centrally. Even though I did consider local user to be able to execute the command "shutdown" (which distinguished RedHat and

...g lzo ncurses nls numa pin-upstream-blobs png python sdl seccomp > smartcard ssh threads tls usb usbredir uuid vde > vhost-net virtfs vnc xattr xfs > > > libvirt: audit caps fuse iscsi libvirtd lvm lxc > macvtap nls numa parted pcap policykit qemu udev vepa virt-network > > > > > thanks for any tipps and hints. i found out: the windows 7 prof vm was missing the virtio-serial drivers. On trying to install them windows "always" crashes. tried: virtio-win-0.1.109-2/ virtio-win-0.1.105-1/ virtio-win-0.1...

...t;> manually mount anything that's not in /etc/fstab. >> >> Sounds like gnome's trying to be WinDoze.... > > Its not ?autofs? specifically (which is a simple thing) but udev talking to udisks, allowing your login session to use udisks to mount the volumes if allowed by PolicyKit, speaking through dbus. How do I get the ask-first behavior? How do I tell what makes Lifestudio special? When I plug in an SD card through a USB adapter, something asks what I want to do and lists options. In case it helps: [root at localhost sata400-12-homes]# find / -name '*autofs*' /l...

...t a suggestion: removing/comment out "-session optional > pam_systemd.so" in /etc/pam.d/system-auth the problem is solved. > This is a bug? No, that's the wrong way to solve it. > If not, why use this policy? There are security implication? Permissions here are handled by policykit AFAIK. /usr/share/polkit-1/actions/org.freedesktop.login1.policy likely to be of particular interest? jh