diff options
| author | Frederik Rietdijk <fridh@fridh.nl> | 2020-05-14 09:25:16 +0200 |
|---|---|---|
| committer | Frederik Rietdijk <fridh@fridh.nl> | 2020-05-14 09:25:25 +0200 |
| commit | 92a26320e7b9bbfe781e222a17c518443f63316a (patch) | |
| tree | db6e4fe7706ec8c065d7efe10e93b38ea1b149ba /nixos/modules/virtualisation/libvirtd.nix | |
| parent | 2006fd4fc5a20c72ab2166b2b4039307f4f54bcb (diff) | |
| parent | 85a05878846b75254f97b8690c18a470cfe982f0 (diff) | |
| download | nixlib-92a26320e7b9bbfe781e222a17c518443f63316a.tar nixlib-92a26320e7b9bbfe781e222a17c518443f63316a.tar.gz nixlib-92a26320e7b9bbfe781e222a17c518443f63316a.tar.bz2 nixlib-92a26320e7b9bbfe781e222a17c518443f63316a.tar.lz nixlib-92a26320e7b9bbfe781e222a17c518443f63316a.tar.xz nixlib-92a26320e7b9bbfe781e222a17c518443f63316a.tar.zst nixlib-92a26320e7b9bbfe781e222a17c518443f63316a.zip | |
Merge master into staging-next
Diffstat (limited to 'nixos/modules/virtualisation/libvirtd.nix')
| -rw-r--r-- | nixos/modules/virtualisation/libvirtd.nix | 15 |
1 files changed, 11 insertions, 4 deletions
diff --git a/nixos/modules/virtualisation/libvirtd.nix b/nixos/modules/virtualisation/libvirtd.nix index 4f22099443f4..f89e5d544b22 100644 --- a/nixos/modules/virtualisation/libvirtd.nix +++ b/nixos/modules/virtualisation/libvirtd.nix @@ -7,10 +7,8 @@ let cfg = config.virtualisation.libvirtd; vswitch = config.virtualisation.vswitch; configFile = pkgs.writeText "libvirtd.conf" '' - unix_sock_group = "libvirtd" - unix_sock_rw_perms = "0770" - auth_unix_ro = "none" - auth_unix_rw = "none" + auth_unix_ro = "polkit" + auth_unix_rw = "polkit" ${cfg.extraConfig} ''; qemuConfigFile = pkgs.writeText "qemu.conf" '' @@ -269,5 +267,14 @@ in { systemd.sockets.libvirtd .wantedBy = [ "sockets.target" ]; systemd.sockets.libvirtd-tcp.wantedBy = [ "sockets.target" ]; + + security.polkit.extraConfig = '' + polkit.addRule(function(action, subject) { + if (action.id == "org.libvirt.unix.manage" && + subject.isInGroup("libvirtd")) { + return polkit.Result.YES; + } + }); + ''; }; } |