From: Andrea Bolognani
To: devel@lists.libvirt.org
Subject: [libvirt PATCH 1/6] docs: The Polkit access driver is disabled by default
Date: Mon, 20 Nov 2023 15:49:52 +0100
Message-ID: <20231120144957.13720-2-abologna@redhat.com>
In-Reply-To: <20231120144957.13720-1-abologna@redhat.com>
References: <20231120144957.13720-1-abologna@redhat.com>

This might not be immediately obvious to someone who ended up on the page without passing through acl.html first.

Signed-off-by: Andrea Bolognani --- docs/aclpolkit.rst | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/docs/aclpolkit.rst b/docs/aclpolkit.rst index 07f4735001..a9e2a305a5 100644 --- a/docs/aclpolkit.rst +++ b/docs/aclpolkit.rst 
@@ -23,6 +23,13 @@ all APIs, or just read-only access. The polkit access co= ntrol driver in libvirt builds on this capability to allow for fine grained control over the operations a user may perform on an object. =20 +Enabling the polkit driver +-------------------------- + +The polkit driver is disabled by default. The `access control +`__ documentation includes +information on how to enable it. + Permission names ---------------- =20 --=20 2.42.0 _______________________________________________ Devel mailing list -- devel@lists.libvirt.org To unsubscribe send an email to devel-leave@lists.libvirt.org

From: Andrea Bolognani
To: devel@lists.libvirt.org
Subject: [libvirt PATCH 2/6] docs: Document org.libvirt.unix.* actions
Date: Mon, 20 Nov 2023 15:49:53 +0100
Message-ID: <20231120144957.13720-3-abologna@redhat.com>
In-Reply-To: <20231120144957.13720-1-abologna@redhat.com>
References: <20231120144957.13720-1-abologna@redhat.com>

Before any of the API can be executed, the client needs to be authenticated by allowing one of these special actions.

Signed-off-by: Andrea Bolognani --- docs/aclpolkit.rst | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/docs/aclpolkit.rst b/docs/aclpolkit.rst index a9e2a305a5..9b0a374c53 100644 --- a/docs/aclpolkit.rst +++ b/docs/aclpolkit.rst
@@ -53,6 +53,23 @@ The default policy for any permission which corresponds = to a "read only" operation, is to allow access. All other permissions default to deny access. =20 +Special actions +--------------- + +In addition to the various ``org.libvirt.api.*`` actions mentioned +above, each of which corresponds to a specific API call, there are +two more actions that can be allowed or rejected via Polkit rules: + + * ``org.libvirt.unix.monitor`` for read-only access to the API; + * ``org.libvirt.unix.manage`` for read/write access. + +When a user connects to the daemon locally (or through the ssh +transport), the appropriate ``org.libvirt.unix.*`` action will need +to be approved by Polkit before any further APIs can be called. + +Read-only access is granted to all local users by default, but +read/write access needs to be explicitly allowed. + Object identity attributes -------------------------- =20 --=20 2.42.0

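Review bot: The new "Special actions" section stops at "read/write access needs to be explicitly allowed" and does not say what approving org.libvirt.unix.manage amounts to when the polkit access driver is not enabled. Patch 1/6 documents that the driver is disabled by default, and the commit message of patch 5/6 explains that in that configuration Polkit no longer brokers the subsequent API calls, so a sentence here stating that org.libvirt.unix.manage is then the only check would keep readers from treating it as a narrow grant.
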
From: Andrea Bolognani
To: devel@lists.libvirt.org
Subject: [libvirt PATCH 3/6] rpc: Introduce virNetServerHasGranularPolkit()
Date: Mon, 20 Nov 2023 15:49:54 +0100
Message-ID: <20231120144957.13720-4-abologna@redhat.com>
In-Reply-To: <20231120144957.13720-1-abologna@redhat.com>
References: <20231120144957.13720-1-abologna@redhat.com>

It's always set to false for now.

Signed-off-by: Andrea Bolognani --- src/libvirt_remote.syms | 1 + src/locking/lock_daemon.c | 6 ++++-- src/logging/log_daemon.c | 6 ++++-- src/lxc/lxc_controller.c | 3 ++- src/remote/remote_daemon.c | 6 ++++-- src/rpc/virnetserver.c | 16 ++++++++++++++-- src/rpc/virnetserver.h | 4 +++- tests/virnetdaemontest.c | 3 ++- 8 files changed, 34 insertions(+), 11 deletions(-) diff --git a/src/libvirt_remote.syms b/src/libvirt_remote.syms index f0f90815cf..16a8adcdcc 100644 --- a/src/libvirt_remote.syms +++ b/src/libvirt_remote.syms
@@ -136,6 +136,7 @@ virNetServerGetMaxUnauthClients; virNetServerGetName; virNetServerGetThreadPoolParameters; virNetServerHasClients; +virNetServerHasGranularPolkit; virNetServerNeedsAuth; virNetServerNew; virNetServerNewPostExecRestart; diff --git a/src/locking/lock_daemon.c b/src/locking/lock_daemon.c index ba52ce7d77..ac44c80927 100644 --- a/src/locking/lock_daemon.c +++ b/src/locking/lock_daemon.c @@ -129,7 +129,8 @@ virLockDaemonNew(virLockDaemonConfig *config, bool priv= ileged) virLockDaemonClientNew, virLockDaemonClientPreExecRestart, virLockDaemonClientFree, - (void*)(intptr_t)(privileged ? 0x1 : 0x0))= )) + (void*)(intptr_t)(privileged ? 0x1 : 0x0), + false))) goto error; =20 if (virNetDaemonAddServer(lockd->dmn, srv) < 0) @@ -142,7 +143,8 @@ virLockDaemonNew(virLockDaemonConfig *config, bool priv= ileged) remoteAdmClientNew, remoteAdmClientPreExecRestart, remoteAdmClientFree, - lockd->dmn))) + lockd->dmn, + false))) goto error; =20 if (virNetDaemonAddServer(lockd->dmn, srv) < 0) diff --git a/src/logging/log_daemon.c b/src/logging/log_daemon.c index daf7ef4b2f..752f4bd7b6 100644 --- a/src/logging/log_daemon.c +++ b/src/logging/log_daemon.c @@ -124,7 +124,8 @@ virLogDaemonNew(virLogDaemonConfig *config, bool privil= eged) virLogDaemonClientNew, virLogDaemonClientPreExecRestart, virLogDaemonClientFree, - (void*)(intptr_t)(privileged ? 0x1 : 0x0))= )) + (void*)(intptr_t)(privileged ? 0x1 : 0x0), + false))) goto error; =20 if (virNetDaemonAddServer(logd->dmn, srv) < 0) @@ -137,7 +138,8 @@ virLogDaemonNew(virLogDaemonConfig *config, bool privil= eged) remoteAdmClientNew, remoteAdmClientPreExecRestart, remoteAdmClientFree, - logd->dmn))) + logd->dmn, + false))) goto error; =20 if (virNetDaemonAddServer(logd->dmn, srv) < 0) diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c index 48f5c73fce..54409d6961 100644 --- a/src/lxc/lxc_controller.c +++ b/src/lxc/lxc_controller.c 
@@ -928,7 +928,8 @@ static int virLXCControllerSetupServer(virLXCController= *ctrl) virLXCControllerClientPrivateNew, NULL, virLXCControllerClientPrivateFree, - ctrl))) + ctrl, + false))) goto error; =20 if (virSecurityManagerSetSocketLabel(ctrl->securityManager, ctrl->def)= < 0) diff --git a/src/remote/remote_daemon.c b/src/remote/remote_daemon.c index 657c053f6f..59170373cb 100644 --- a/src/remote/remote_daemon.c +++ b/src/remote/remote_daemon.c @@ -1035,7 +1035,8 @@ int main(int argc, char **argv) { remoteClientNew, NULL, remoteClientFree, - NULL))) { + NULL, + false))) { ret =3D VIR_DAEMON_ERR_INIT; goto cleanup; } @@ -1102,7 +1103,8 @@ int main(int argc, char **argv) { remoteAdmClientNew, NULL, remoteAdmClientFree, - dmn))) { + dmn, + false))) { ret =3D VIR_DAEMON_ERR_INIT; goto cleanup; } diff --git a/src/rpc/virnetserver.c b/src/rpc/virnetserver.c index 770476c1a6..d8c91172d0 100644 --- a/src/rpc/virnetserver.c +++ b/src/rpc/virnetserver.c @@ -71,6 +71,8 @@ struct _virNetServer { virNetServerClientPrivPreExecRestart clientPrivPreExecRestart; virFreeCallback clientPrivFree; void *clientPrivOpaque; + + bool granularPolkit; }; =20 =20 @@ -365,7 +367,8 @@ virNetServerNew(const char *name, virNetServerClientPrivNew clientPrivNew, virNetServerClientPrivPreExecRestart clientPrivPreExecRest= art, virFreeCallback clientPrivFree, - void *clientPrivOpaque) + void *clientPrivOpaque, + bool granularPolkit) { g_autoptr(virNetServer) srv =3D NULL; g_autofree char *jobName =3D g_strdup_printf("rpc-%s", name); @@ -402,6 +405,8 @@ virNetServerNew(const char *name, srv->clientPrivFree =3D clientPrivFree; srv->clientPrivOpaque =3D clientPrivOpaque; =20 + srv->granularPolkit =3D granularPolkit; + return g_steal_pointer(&srv); } =20 
@@ -486,7 +491,7 @@ virNetServerNewPostExecRestart(virJSONValue *object, max_anonymous_clients, keepaliveInterval, keepaliveCount, clientPrivNew, clientPrivPreExecRestart, - clientPrivFree, clientPrivOpaque))) + clientPrivFree, clientPrivOpaque, false))) return NULL; =20 if (!(services =3D virJSONValueObjectGet(object, "services"))) { @@ -988,6 +993,13 @@ virNetServerGetName(virNetServer *srv) } =20 =20 +bool +virNetServerHasGranularPolkit(virNetServer *srv) +{ + return srv->granularPolkit; +} + + int virNetServerGetThreadPoolParameters(virNetServer *srv, size_t *minWorkers, diff --git a/src/rpc/virnetserver.h b/src/rpc/virnetserver.h index 9f0cf3a3fc..efdfab03b8 100644 --- a/src/rpc/virnetserver.h +++ b/src/rpc/virnetserver.h @@ -41,7 +41,8 @@ virNetServer *virNetServerNew(const char *name, virNetServerClientPrivNew clientPrivNew, virNetServerClientPrivPreExecRestart clien= tPrivPreExecRestart, virFreeCallback clientPrivFree, - void *clientPrivOpaque) + void *clientPrivOpaque, + bool granularPolkit) ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(10) ATTRIBUTE_NONNULL(12); =20 virNetServer *virNetServerNewPostExecRestart(virJSONValue *object, @@ -100,6 +101,7 @@ void virNetServerSetClientAuthenticated(virNetServer *s= rv, virNetServerClient *c void virNetServerUpdateServices(virNetServer *srv, bool enabled); =20 const char *virNetServerGetName(virNetServer *srv); +bool virNetServerHasGranularPolkit(virNetServer *srv); =20 int virNetServerGetThreadPoolParameters(virNetServer *srv, size_t *minWorkers, diff --git a/tests/virnetdaemontest.c b/tests/virnetdaemontest.c index 110ec748f8..a52f427d89 100644 --- a/tests/virnetdaemontest.c +++ b/tests/virnetdaemontest.c 
@@ -104,7 +104,8 @@ testCreateServer(const char *server_name, const char *h= ost, int family) testClientNew, testClientPreExec, testClientFree, - NULL))) + NULL, + false))) goto error; =20 if (!(svc1 =3D virNetServerServiceNewTCP(host, --=20 2.42.0

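Review bot: In the virNetServerNewPostExecRestart() hunk of src/rpc/virnetserver.c the new argument is hard-coded to false, so a server rebuilt from the saved JSON object always reports virNetServerHasGranularPolkit() as false, whatever the original virNetServerNew() caller passed. With the rule shown in the patch 5/6 commit message that fails closed, but it does so silently: either save and restore granularPolkit together with the other server state, or add a comment at that call saying the flag is deliberately not preserved across a re-exec.
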
From: Andrea Bolognani
To: devel@lists.libvirt.org
Subject: [libvirt PATCH 4/6] remote: Set granularPolkit if applicable
Date: Mon, 20 Nov 2023 15:49:55 +0100
Message-ID: <20231120144957.13720-5-abologna@redhat.com>
In-Reply-To: <20231120144957.13720-1-abologna@redhat.com>
References: <20231120144957.13720-1-abologna@redhat.com>

Signed-off-by: Andrea Bolognani --- src/remote/remote_daemon.c | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/src/remote/remote_daemon.c b/src/remote/remote_daemon.c index 59170373cb..fc5e543470 100644 --- a/src/remote/remote_daemon.c +++ b/src/remote/remote_daemon.c
@@ -411,16 +411,29 @@ daemonSetupNetDevOpenvswitch(struct daemonConfig *con= fig) =20 =20 static int -daemonSetupAccessManager(struct daemonConfig *config) +daemonSetupAccessManager(struct daemonConfig *config, + bool *granularPolkit) { virAccessManager *mgr; const char *none[] =3D { "none", NULL }; const char **drv =3D (const char **)config->access_drivers; + const char **iter; =20 if (!drv || !drv[0]) drv =3D none; =20 + /* We only declare support for granular Polkit access when Polkit + * is the only configured access driver, to avoid scenarios in + * which the Polkit policy would deny access to a certain action + * but another (possibly misconfigured) driver would allow it */ + *granularPolkit =3D false; + iter =3D drv; + while (*iter) { + *granularPolkit =3D STREQ(*iter, "polkit"); + iter++; + } + if (!(mgr =3D virAccessManagerNewStack(drv))) return -1; =20 @@ -805,6 +818,7 @@ int main(int argc, char **argv) { bool implicit_conf =3D false; char *run_dir =3D NULL; mode_t old_umask; + bool granularPolkit =3D false; =20 struct option opts[] =3D { { "verbose", no_argument, &verbose, 'v' }, @@ -946,7 +960,7 @@ int main(int argc, char **argv) { =20 daemonSetupNetDevOpenvswitch(config); =20 - if (daemonSetupAccessManager(config) < 0) { + if (daemonSetupAccessManager(config, &granularPolkit) < 0) { VIR_ERROR(_("Can't initialize access manager")); exit(EXIT_FAILURE); } 
@@ -1036,7 +1050,7 @@ int main(int argc, char **argv) { NULL, remoteClientFree, NULL, - false))) { + granularPolkit))) { ret =3D VIR_DAEMON_ERR_INIT; goto cleanup; } --=20 2.42.0

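Review bot: The loop added to daemonSetupAccessManager() does not implement its own comment. `*granularPolkit = STREQ(*iter, "polkit");` is overwritten on every iteration, so the result reflects only the last entry of access_drivers: a list with another driver followed by "polkit" yields true although Polkit is not the only configured driver, which is exactly the case the comment says must be avoided. Test for a single entry instead, for example `*granularPolkit = STREQ(drv[0], "polkit") && !drv[1];`, which is safe here because drv[0] is guaranteed non-NULL after the fallback to `none`.
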
From: Andrea Bolognani
To: devel@lists.libvirt.org
Subject: [libvirt PATCH 5/6] remote: Expose granularPolkit attribute to rules
Date: Mon, 20 Nov 2023 15:49:56 +0100
Message-ID: <20231120144957.13720-6-abologna@redhat.com>
In-Reply-To: <20231120144957.13720-1-abologna@redhat.com>
References: <20231120144957.13720-1-abologna@redhat.com>

This makes it possible to write Polkit rules that won't accidentally grant undesired privileges to users.

To understand why this is necessary, suppose we wanted to grant user "fred" full access to the QEMU domain "demo". A JavaScript rule along the lines of

  polkit.addRule(function(action, subject) {
      // user "fred"
      if (subject.user == "fred") {
          // can authenticate in read/write mode
          if (action.id == "org.libvirt.unix.manage") {
              return polkit.Result.YES;
          }
          // and manage the QEMU domain "demo"
          if (action.id.indexOf("org.libvirt.api.domain.") == 0 &&
              action.lookup("connect_driver") == "QEMU" &&
              action.lookup("domain_name") == "demo") {
              return polkit.Result.YES;
          }
      }
  });

would do the trick.

However, suppose that at some point after creating this rule we disabled the Polkit access control driver and forgot to delete the file. All of a sudden, allowing "org.libvirt.unix.manage" is no longer a trivial matter: since the Polkit access driver doesn't broker access to subsequent API calls anymore, user "fred" now has full administrative access to all drivers.

Rewriting the check seen above as

  if (action.id == "org.libvirt.unix.manage" &&
      action.lookup("granular") == "true") {
      return polkit.Result.YES;
  }

ensures that this undesired scenario will not happen, by only allowing "org.libvirt.unix.manage" when the Polkit access driver is enabled.

Signed-off-by: Andrea Bolognani --- src/remote/remote_daemon_dispatch.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/remote/remote_daemon_dispatch.c b/src/remote/remote_daemon= _dispatch.c index 7daf503b51..2a9ee19cc3 100644 --- a/src/remote/remote_daemon_dispatch.c +++ b/src/remote/remote_daemon_dispatch.c @@ -3975,6 +3975,10 @@ remoteDispatchAuthPolkit(virNetServer *server, uid_t callerUid =3D -1; unsigned long long timestamp; const char *action; + const char *attrs[] =3D { + "granular", virNetServerHasGranularPolkit(server) ? "true" : "fals= e", + NULL, + }; char *ident =3D NULL; struct daemonClientPrivate *priv =3D virNetServerClientGetPrivateData(client);
@@ -4009,7 +4013,7 @@ remoteDispatchAuthPolkit(virNetServer *server, callerPid, timestamp, callerUid, - NULL, + attrs, true); if (rv =3D=3D -1) goto authfail; --=20 2.42.0
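Review bot: in the first hunk the attribute value is the string "true" or "false", so a rule that tests action.lookup("granular") for truthiness instead of comparing it with "true" passes in both cases and gets none of the intended protection. Either say explicitly (in a comment above attrs[] and in the docs) that rules must compare against the exact string "true", or consider passing the attribute only when the access driver is enabled. The key is also spelled "granular" here while the subject line calls it granularPolkit; rule authors match on the literal key, so the two should agree. The second hunk just swaps NULL for attrs, so the purpose of the array is otherwise visible only in the commit message.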
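The effect of the rewritten check in patch 5/6, as an added example that is not part of the patch series: a small Node.js harness with a stand-in polkit object evaluates the original and the guarded "org.libvirt.unix.manage" check for "granular" set to "true", set to "false", and absent. makePolkit, makeAction, installOriginal, installGuarded and decide are hypothetical helpers, not polkit or libvirt APIs, and modelling an absent attribute as lookup() returning undefined is an assumption of the harness.

```javascript
// Stand-in for the polkit rule engine: hypothetical harness, not polkit itself.
function makePolkit() {
    const rules = [];
    return {
        Result: { YES: "yes" },
        addRule(fn) { rules.push(fn); },
        // Rules run in order; the first one that returns a value decides.
        check(action, subject) {
            for (const rule of rules) {
                const result = rule(action, subject);
                if (result !== undefined && result !== null) return result;
            }
            return null; // no rule decided: the action's own defaults apply
        },
    };
}

// Action object with the two members the rules on this page use.
const makeAction = (id, details) => ({ id, lookup: (key) => details[key] });

// The check from the original rule: allows read/write authentication outright.
function installOriginal(polkit) {
    polkit.addRule(function(action, subject) {
        if (subject.user == "fred" && action.id == "org.libvirt.unix.manage") {
            return polkit.Result.YES;
        }
    });
}

// The rewritten check: also requires the daemon to report granular == "true".
function installGuarded(polkit) {
    polkit.addRule(function(action, subject) {
        if (subject.user == "fred" &&
            action.id == "org.libvirt.unix.manage" &&
            action.lookup("granular") == "true") {
            return polkit.Result.YES;
        }
    });
}

// Decision for fred's org.libvirt.unix.manage request; granular === undefined
// models a daemon that sends no such attribute (assumption of this harness).
function decide(install, granular) {
    const polkit = makePolkit();
    install(polkit);
    const details = granular === undefined ? {} : { granular };
    return polkit.check(makeAction("org.libvirt.unix.manage", details), { user: "fred" });
}

for (const g of ["true", "false", undefined]) {
    console.log(`granular=${g}: original=${decide(installOriginal, g)} guarded=${decide(installGuarded, g)}`);
}
```

A null result means no rule granted access, so the request falls back to whatever the action's defaults require.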
From: Andrea Bolognani
To: devel@lists.libvirt.org
Subject: [libvirt PATCH 6/6] docs: Document granularPolkit attribute
Date: Mon, 20 Nov 2023 15:49:57 +0100
Message-ID: <20231120144957.13720-7-abologna@redhat.com>
In-Reply-To: <20231120144957.13720-1-abologna@redhat.com>
References: <20231120144957.13720-1-abologna@redhat.com>

Signed-off-by: Andrea Bolognani
--- docs/aclpolkit.rst | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/docs/aclpolkit.rst b/docs/aclpolkit.rst index 9b0a374c53..fe825c504b 100644 --- a/docs/aclpolkit.rst +++ b/docs/aclpolkit.rst 
@@ -70,6 +70,15 @@ to be approved by Polkit before any further APIs can be = called. Read-only access is granted to all local users by default, but read/write access needs to be explicitly allowed. =20 +:since:`Since 9.10.0`, these requests will come with the ``granular`` +attribute (see below) set to either ``"true"``, if the Polkit access +driver is enabled, or ``"false"`` otherwise. A policy designed to +work with the Polkit access driver should only allow the +``org.libvirt.unix.manage`` action if the ``granular`` attribute is +set to ``"true"``: failing to do so might result in accidentally +granting full administrative access to libvirt to more users than +intended if the Polkit access driver is later disabled. + Object identity attributes -------------------------- =20 --=20 2.42.0
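Review bot: the added paragraph refers the reader to "(see below)" for the granular attribute, but this hunk is the only change to docs/aclpolkit.rst (9 insertions) and it adds no description of granular to the "Object identity attributes" section that follows, so as far as this patch shows the reference has nothing to point at; either add an entry there or drop the parenthetical. The paragraph would also be easier to act on with a short rule snippet showing the comparison against the string "true", as in the commit message of patch 5/6, and with a sentence on what a rule should expect from daemons older than 9.10.0, which by this wording do not send the attribute. The subject line says granularPolkit while the text documents granular; use one name.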