Bug#929133: [Pkg-libvirt-maintainers] Bug#929133: base-passwd: The 'libvirt' group from virt-manager is not listed in users-and-groups
Hi, On Fri, May 17, 2019 at 10:01:58PM +0100, Colin Watson wrote: > On Fri, May 17, 2019 at 02:14:27PM -0500, Karl O. Pinc wrote: > > I notice that (on stretch) the 'libvirt' group, used by the > > virt-manager package is not listed in > > /usr/share/doc/base-passwd/users-and-groups* > > > > I am unclear whether it should be listed, but it seems worth > > an email. > > Thanks for your report. It isn't really feasible for that document to > be comprehensive, but if the libvirt maintainer or somebody who knows it > reasonably well wanted to contribute a description then I'd happily take > it. We have this in libvirt's README.Debian - Access Control == Access to the libvirt managing tasks is controlled by PolicyKit. To ease configuration membership in the "libvirt" group is sufficient. If you want to manage VMs as non-root you need to add a user to that group. Note that this will allow users in this group to use all of libvirt's API including modifying files on the host. For finer grained access control have a look at libvirt's ACLs. System QEMU/KVM processes are run as user and group libvirt-qemu. This can be adjusted via /etc/libvirt/qemu.conf. - So s.th. like Access to the system libvirt daemon is controlled by that group. Membership in this group gives full daemon access including (but not restricted to) managing virtual machines. Cheers, -- Guido > > -- > Colin Watson [cjwat...@debian.org] > > ___ > Pkg-libvirt-maintainers mailing list > pkg-libvirt-maintain...@alioth-lists.debian.net > https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-libvirt-maintainers
Bug#929133: Fw: Bug#929133: base-passwd: The 'libvirt' group from virt-manager is not listed in users-and-groups
Forwarding your message to the virt-manager maintainers then. They can decide. Begin forwarded message: Date: Fri, 17 May 2019 22:01:58 +0100 From: Colin Watson To: "Karl O. Pinc" , 929...@bugs.debian.org Cc: libv...@packages.debian.org Subject: Re: Bug#929133: base-passwd: The 'libvirt' group from virt-manager is not listed in users-and-groups On Fri, May 17, 2019 at 02:14:27PM -0500, Karl O. Pinc wrote: > I notice that (on stretch) the 'libvirt' group, used by the > virt-manager package is not listed in > /usr/share/doc/base-passwd/users-and-groups* > > I am unclear whether it should be listed, but it seems worth > an email. Thanks for your report. It isn't really feasible for that document to be comprehensive, but if the libvirt maintainer or somebody who knows it reasonably well wanted to contribute a description then I'd happily take it.
Bug#929133: base-passwd: The 'libvirt' group from virt-manager is not listed in users-and-groups
On Fri, May 17, 2019 at 02:14:27PM -0500, Karl O. Pinc wrote: > I notice that (on stretch) the 'libvirt' group, used by the > virt-manager package is not listed in > /usr/share/doc/base-passwd/users-and-groups* > > I am unclear whether it should be listed, but it seems worth > an email. Thanks for your report. It isn't really feasible for that document to be comprehensive, but if the libvirt maintainer or somebody who knows it reasonably well wanted to contribute a description then I'd happily take it. -- Colin Watson [cjwat...@debian.org]
Bug#929133: base-passwd: The 'libvirt' group from virt-manager is not listed in users-and-groups
Package: base-passwd Version: 3.5.43 Severity: wishlist Hello, I notice that (on stretch) the 'libvirt' group, used by the virt-manager package is not listed in /usr/share/doc/base-passwd/users-and-groups* I am unclear whether it should be listed, but it seems worth an email. Regards, Karl -- System Information: Debian Release: 9.9 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-9-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages base-passwd depends on: ii libc6 2.24-11+deb9u4 ii libdebconfclient0 0.227 Versions of packages base-passwd recommends: ii debconf [debconf-2.0] 1.5.61 base-passwd suggests no packages. -- debconf information excluded
