1. 27 Jul, 2018 1 commit
  2. 18 Jul, 2018 1 commit
  3. 10 Jul, 2018 1 commit
  4. 02 Jul, 2018 4 commits
  5. 12 Jun, 2018 1 commit
  6. 16 May, 2018 1 commit
  7. 21 Mar, 2018 1 commit
  8. 07 Nov, 2017 1 commit
    • Daniel P. Berrange's avatar
      Run system instance as an unprivileged user account · 43f9cd72
      Daniel P. Berrange authored
      There is no reason for the libvirt-dbus daemon to require root privileges. All
      it actually needs is ability to connect to libvirtd, which can be achieved by
      dropping in a polkit configuration file.
      
      Now a libvirt connection to the system bus gives you privileges equivalent to
      root, so this doesn't really improve security on its own. It relies on there
      being a dbus policy that prevents users from issuing elevated APIs.
      
      For example, a DBus policy could allow non-root users to list VMs on the
      system bus and get their status (aka virsh list equiv). In this case, the
      security isolation does give some benefit.
      
      Security can be further improved if the admin uses the libvirt polkit file to
      restrict what libvirt-dbus is permitted to do.
      Reviewed-by: Pavel Hrdina's avatarPavel Hrdina <phrdina@redhat.com>
      Signed-off-by: 's avatarDaniel P. Berrange <berrange@redhat.com>
      43f9cd72
  9. 30 Oct, 2017 1 commit
  10. 19 Aug, 2017 2 commits
  11. 08 Aug, 2017 2 commits
  12. 05 Jul, 2017 1 commit
  13. 03 Jul, 2017 1 commit
  14. 29 Jun, 2017 1 commit
  15. 28 Jun, 2017 1 commit
  16. 27 Jun, 2017 1 commit