diff options
author | Igor Gnatenko <i.gnatenko.brain@gmail.com> | 2014-05-18 01:43:54 -0600 |
---|---|---|
committer | Pete Travis <immanetize@fedoraproject.org> | 2014-05-18 02:01:39 -0600 |
commit | 9431973c090de3b069f35f4f1fbfb5b01eaaa305 (patch) | |
tree | 9a10f9f89c3ac3082f6503ec121d74fba690b02f | |
parent | f09f40cf450a49e287127eecede2d96d06283b14 (diff) | |
download | fedora-cookbook-9431973c090de3b069f35f4f1fbfb5b01eaaa305.tar.gz fedora-cookbook-9431973c090de3b069f35f4f1fbfb5b01eaaa305.tar.xz fedora-cookbook-9431973c090de3b069f35f4f1fbfb5b01eaaa305.zip |
polkit rules for libvirt from ignatenkobrain
-rw-r--r-- | en-US/Virtualization.xml | 6 | ||||
-rw-r--r-- | en-US/Virtualization/Access_To_libvirt_Without_root.xml | 95 |
2 files changed, 98 insertions, 3 deletions
diff --git a/en-US/Virtualization.xml b/en-US/Virtualization.xml index 9078353..f4bdbb8 100644 --- a/en-US/Virtualization.xml +++ b/en-US/Virtualization.xml @@ -4,6 +4,6 @@ %BOOK_ENTITIES; ]> <chapter id="Virtualization"> -<title>Virtualization</title> - -<para /> </chapter> + <title>Virtualization</title> + <xi:include href="Virtualization/Access_To_libvirt_Without_root.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> + </chapter> diff --git a/en-US/Virtualization/Access_To_libvirt_Without_root.xml b/en-US/Virtualization/Access_To_libvirt_Without_root.xml new file mode 100644 index 0000000..4390eb9 --- /dev/null +++ b/en-US/Virtualization/Access_To_libvirt_Without_root.xml @@ -0,0 +1,95 @@ +<?xml version='1.0' encoding='utf-8' ?> + <!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" + "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ + <!ENTITY % BOOK_ENTITIES SYSTEM "Fedora_Cookbook.ent"> + %BOOK_ENTITIES; + ]> +<!-- Do not edit above this line --> +<!-- +name: Igor Gnatenko +fas_id: ignatenkobrain +email: ignatenkobrain@fedoraproject.org +--> +<section id="access-to-libvirt-without-root-privileges"> + <title>Access to libvirt without root privileges</title> + <para> + By default, only root can administer virtual machines using libvirt. Use these instructions to create a special group whose members will be able to use libvirt. + </para> + <section id="required-ingredients"> + <title>Required Ingredients</title> + <itemizedlist> + <listitem> + <para> + Package 'polkit' + </para> + </listitem> + <listitem> + <para> + Package 'libvirt' + </para> + </listitem> + </itemizedlist> + </section> + <section id="creating-a-name_of_article"> + <title>Create polkit policy for libvirt</title> + <orderedlist > + <listitem> + <para> + Create polkit policy for libvirt: + </para> + <screen> + <command> + touch /etc/polkit-1/localauthority/50-local.d/50-org.libvirt-group-access.pkla + </command> + </screen> + </listitem> + <listitem> + <para> + Open the policy file in an editor. + </para> + <screen> + <command> + nano /etc/polkit-1/localauthority/50-local.d/50-org.libvirt-group-access.pkla + </command> + </screen> + </listitem> + <listitem > + <para> + Paste in the rule below. + </para> + <screen> + [libvirt group Management Access] Identity=unix-group:libvirt + Action=org.libvirt.unix.manage ResultAny=yes ResultInactive=yes + ResultActive=yes + </screen> + </listitem> + <listitem > + <para> + Create group for users that can access libvirt without + root privileges: + </para> + <screen> + groupadd libvirt + </screen> + </listitem> + <listitem > + <para> + Add your users to the special group: + </para> + <screen> + <command>usermod -a -G libvirt user_name</command> + </screen> + </listitem> + </orderedlist> + </section> + <section> + <title>References:</title> + <itemizedlist> + <listitem> + <para> + <ulink url="http://wiki.libvirt.org/page/SSHPolicyKitSetup#Configuration_for_group_access">Libvirt policykit documentation</ulink> + </para> + </listitem> + </itemizedlist> + </section> +</section> |