BoomMicrophone/nixpkgs-suyu
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

nixos/libvirtd: use polkit for auth

Browse source
This commit is contained in:
Jaka Hudoklin 2020-04-15 23:16:13 +07:00
parent 741c8c24e1
commit 056ab3d278
1 changed files with 11 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
nixos/modules/virtualisation/libvirtd.nix
View file

@ -7,10 +7,8 @@ let
cfg = config.virtualisation.libvirtd;
vswitch = config.virtualisation.vswitch;
configFile = pkgs.writeText "libvirtd.conf" ''
unix_sock_group = "libvirtd"
unix_sock_rw_perms = "0770"
auth_unix_ro = "none"
auth_unix_rw = "none"
auth_unix_ro = "polkit"
auth_unix_rw = "polkit"
${cfg.extraConfig}
'';
qemuConfigFile = pkgs.writeText "qemu.conf" ''
@ -269,5 +267,14 @@ in {
systemd.sockets.libvirtd .wantedBy = [ "sockets.target" ];
systemd.sockets.libvirtd-tcp.wantedBy = [ "sockets.target" ];
security.polkit.extraConfig = ''
polkit.addRule(function(action, subject) {
if (action.id == "org.libvirt.unix.manage" &&
subject.isInGroup("libvirtd")) {
return polkit.Result.YES;
}
});
'';
};
}