nordic-dev.net/nixpkgs
nordic-dev.net/nixpkgs
2
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-23 23:43:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

nixos/libvirtd: use polkit for auth

Browse Source
This commit is contained in:
Jaka Hudoklin 2020-04-15 23:16:13 +07:00
parent 741c8c24e1
commit 056ab3d278
1 changed files with 11 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
nixos/modules/virtualisation/libvirtd.nix
View File

@ -7,10 +7,8 @@ let
cfg = config.virtualisation.libvirtd; cfg = config.virtualisation.libvirtd;
vswitch = config.virtualisation.vswitch; vswitch = config.virtualisation.vswitch;
configFile = pkgs.writeText "libvirtd.conf" '' configFile = pkgs.writeText "libvirtd.conf" ''
unix_sock_group = "libvirtd" auth_unix_ro = "polkit"
unix_sock_rw_perms = "0770" auth_unix_rw = "polkit"
auth_unix_ro = "none"
auth_unix_rw = "none"
${cfg.extraConfig} ${cfg.extraConfig}
''; '';
qemuConfigFile = pkgs.writeText "qemu.conf" '' qemuConfigFile = pkgs.writeText "qemu.conf" ''
@ -269,5 +267,14 @@ in {
systemd.sockets.libvirtd .wantedBy = [ "sockets.target" ]; systemd.sockets.libvirtd .wantedBy = [ "sockets.target" ];
systemd.sockets.libvirtd-tcp.wantedBy = [ "sockets.target" ]; systemd.sockets.libvirtd-tcp.wantedBy = [ "sockets.target" ];
security.polkit.extraConfig = ''
polkit.addRule(function(action, subject) {
if (action.id == "org.libvirt.unix.manage" &&
subject.isInGroup("libvirtd")) {
return polkit.Result.YES;
}
});
'';
}; };
} }