polkit rules for libvirt from ignatenkobrain

2 files changed, 98 insertions, 3 deletions

diff --git a/en-US/Virtualization.xml b/en-US/Virtualization.xml
index 9078353..f4bdbb8 100644
--- a/en-US/Virtualization.xml
+++ b/en-US/Virtualization.xml
@@ -4,6 +4,6 @@
 %BOOK_ENTITIES;
 ]>
 <chapter id="Virtualization">
-<title>Virtualization</title>
-
-<para /> </chapter>
+  <title>Virtualization</title>
+  <xi:include href="Virtualization/Access_To_libvirt_Without_root.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
+ </chapter>
diff --git a/en-US/Virtualization/Access_To_libvirt_Without_root.xml b/en-US/Virtualization/Access_To_libvirt_Without_root.xml
new file mode 100644
index 0000000..4390eb9
--- /dev/null
+++ b/en-US/Virtualization/Access_To_libvirt_Without_root.xml
@@ -0,0 +1,95 @@
+<?xml version='1.0' encoding='utf-8' ?>
+ <!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" 
+   "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+     <!ENTITY % BOOK_ENTITIES SYSTEM "Fedora_Cookbook.ent">
+         %BOOK_ENTITIES;
+         ]>
+<!-- Do not edit above this line -->
+<!--
+name: Igor Gnatenko
+fas_id: ignatenkobrain
+email: ignatenkobrain@fedoraproject.org
+-->
+<section id="access-to-libvirt-without-root-privileges">
+  <title>Access to libvirt without root privileges</title>
+  <para>
+    By default, only root can administer virtual machines using libvirt.  Use these instructions to create a special group whose members will be able to use libvirt.
+  </para>
+  <section id="required-ingredients">
+    <title>Required Ingredients</title>
+    <itemizedlist>
+      <listitem>
+        <para>
+          Package 'polkit'
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Package 'libvirt'
+        </para>
+      </listitem>
+    </itemizedlist>
+  </section>
+    <section id="creating-a-name_of_article">
+      <title>Create polkit policy for libvirt</title>
+      <orderedlist >
+        <listitem>
+          <para>
+            Create polkit policy for libvirt:
+          </para>
+          <screen>
+            <command>
+              touch /etc/polkit-1/localauthority/50-local.d/50-org.libvirt-group-access.pkla
+            </command>
+          </screen>
+        </listitem>
+        <listitem>
+          <para>
+            Open the policy file in an editor.
+          </para>
+            <screen>
+              <command>
+                nano /etc/polkit-1/localauthority/50-local.d/50-org.libvirt-group-access.pkla
+              </command>
+            </screen>
+          </listitem>
+        <listitem >
+          <para>
+            Paste in the rule below.
+          </para>
+        <screen>
+        [libvirt group Management Access] Identity=unix-group:libvirt
+        Action=org.libvirt.unix.manage ResultAny=yes ResultInactive=yes
+        ResultActive=yes
+      </screen>
+    </listitem>
+        <listitem >
+          <para>
+            Create group for users that can access libvirt without
+            root privileges:
+          </para>
+        <screen>
+          groupadd libvirt
+        </screen>
+      </listitem>
+        <listitem >
+          <para>
+            Add your users to the special group:
+          </para>
+        <screen>
+          <command>usermod -a -G libvirt user_name</command>
+        </screen>
+      </listitem>
+    </orderedlist>
+    </section>
+      <section>
+        <title>References:</title>
+      <itemizedlist>
+        <listitem>
+          <para>
+            <ulink url="http://wiki.libvirt.org/page/SSHPolicyKitSetup#Configuration_for_group_access">Libvirt policykit documentation</ulink>
+          </para>
+        </listitem>
+      </itemizedlist>
+  </section>
+</section>