[libvirt PATCH 6/6] docs: Document granularPolkit attribute

Andrea Bolognani posted 6 patches 2 years, 2 months ago
Posted by Andrea Bolognani 2 years, 2 months ago
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
---
 docs/aclpolkit.rst | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/docs/aclpolkit.rst b/docs/aclpolkit.rst
index 9b0a374c53..fe825c504b 100644
--- a/docs/aclpolkit.rst
+++ b/docs/aclpolkit.rst
@@ -70,6 +70,15 @@ to be approved by Polkit before any further APIs can be called.
 Read-only access is granted to all local users by default, but
 read/write access needs to be explicitly allowed.
 
+:since:`Since 9.10.0`, these requests will come with the ``granular``
+attribute (see below) set to either ``"true"``, if the Polkit access
+driver is enabled, or ``"false"`` otherwise. A policy designed to
+work with the Polkit access driver should only allow the
+``org.libvirt.unix.manage`` action if the ``granular`` attribute is
+set to ``"true"``: failing to do so might result in accidentally
+granting full administrative access to libvirt to more users than
+intended if the Polkit access driver is later disabled.
+
 Object identity attributes
 --------------------------
 
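Review bot: The added paragraph tells policy authors to allow ``org.libvirt.unix.manage`` only when ``granular`` is ``"true"``, but it does not say what a policy sees from a daemon older than 9.10.0, where the attribute is not sent at all. It would help to state explicitly that rules should test for equality with ``"true"`` rather than reject ``"false"``, so that a missing attribute also results in a denial, and to include a short example rule showing that check. Two smaller points: "(see below)" does not name the section that describes the attribute, and the following "Object identity attributes" heading does not obviously cover it, so an explicit cross-reference would be clearer; and the subject line calls the attribute granularPolkit while the text documents ``granular``, so one of the two should be aligned.
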
-- 
2.42.0