[fedora-cookbook] master: polkit rules for libvirt from ignatenkobrain (1d8528f)
immanetize at fedoraproject.org
immanetize at fedoraproject.org
Sun May 18 07:44:29 UTC 2014
Repository : http://git.fedorahosted.org/cgit/docs/fedora-cookbook.git
On branch : master
>---------------------------------------------------------------
commit 1d8528f88edd9d79e50fb0d8a0a7dfa69ce5d8d3
Author: Pete Travis <immanetize at fedoraproject.org>
Date: Sun May 18 01:43:54 2014 -0600
polkit rules for libvirt from ignatenkobrain
>---------------------------------------------------------------
en-US/Virtualization.xml | 6 +-
.../Access_To_libvirt_Without_root.xml | 95 ++++++++++++++++++++
2 files changed, 98 insertions(+), 3 deletions(-)
diff --git a/en-US/Virtualization.xml b/en-US/Virtualization.xml
index 9078353..f4bdbb8 100644
--- a/en-US/Virtualization.xml
+++ b/en-US/Virtualization.xml
@@ -4,6 +4,6 @@
%BOOK_ENTITIES;
]>
<chapter id="Virtualization">
-<title>Virtualization</title>
-
-<para /> </chapter>
+ <title>Virtualization</title>
+ <xi:include href="Virtualization/Access_To_libvirt_Without_root.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
+ </chapter>
diff --git a/en-US/Virtualization/Access_To_libvirt_Without_root.xml b/en-US/Virtualization/Access_To_libvirt_Without_root.xml
new file mode 100644
index 0000000..4390eb9
--- /dev/null
+++ b/en-US/Virtualization/Access_To_libvirt_Without_root.xml
@@ -0,0 +1,95 @@
+<?xml version='1.0' encoding='utf-8' ?>
+ <!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
+ "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+ <!ENTITY % BOOK_ENTITIES SYSTEM "Fedora_Cookbook.ent">
+ %BOOK_ENTITIES;
+ ]>
+<!-- Do not edit above this line -->
+<!--
+name: Igor Gnatenko
+fas_id: ignatenkobrain
+email: ignatenkobrain at fedoraproject.org
+-->
+<section id="access-to-libvirt-without-root-privileges">
+ <title>Access to libvirt without root privileges</title>
+ <para>
+ By default, only root can administer virtual machines using libvirt. Use these instructions to create a special group whose members will be able to use libvirt.
+ </para>
+ <section id="required-ingredients">
+ <title>Required Ingredients</title>
+ <itemizedlist>
+ <listitem>
+ <para>
+ Package 'polkit'
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Package 'libvirt'
+ </para>
+ </listitem>
+ </itemizedlist>
+ </section>
+ <section id="creating-a-name_of_article">
+ <title>Create polkit policy for libvirt</title>
+ <orderedlist >
+ <listitem>
+ <para>
+ Create polkit policy for libvirt:
+ </para>
+ <screen>
+ <command>
+ touch /etc/polkit-1/localauthority/50-local.d/50-org.libvirt-group-access.pkla
+ </command>
+ </screen>
+ </listitem>
+ <listitem>
+ <para>
+ Open the policy file in an editor.
+ </para>
+ <screen>
+ <command>
+ nano /etc/polkit-1/localauthority/50-local.d/50-org.libvirt-group-access.pkla
+ </command>
+ </screen>
+ </listitem>
+ <listitem >
+ <para>
+ Paste in the rule below.
+ </para>
+ <screen>
+ [libvirt group Management Access] Identity=unix-group:libvirt
+ Action=org.libvirt.unix.manage ResultAny=yes ResultInactive=yes
+ ResultActive=yes
+ </screen>
+ </listitem>
+ <listitem >
+ <para>
+ Create group for users that can access libvirt without
+ root privileges:
+ </para>
+ <screen>
+ groupadd libvirt
+ </screen>
+ </listitem>
+ <listitem >
+ <para>
+ Add your users to the special group:
+ </para>
+ <screen>
+ <command>usermod -a -G libvirt user_name</command>
+ </screen>
+ </listitem>
+ </orderedlist>
+ </section>
+ <section>
+ <title>References:</title>
+ <itemizedlist>
+ <listitem>
+ <para>
+ <ulink url="http://wiki.libvirt.org/page/SSHPolicyKitSetup#Configuration_for_group_access">Libvirt policykit documentation</ulink>
+ </para>
+ </listitem>
+ </itemizedlist>
+ </section>
+</section>
More information about the docs-commits
mailing list