Hello, I am configuring Polkit using an example I found on the web. It correctly displays the assigned domain for a given user, but when I try to start the VM, I get the following error:
error: Failed to start domain 'debian12' error: access denied: 'network' denied access Here is my configuration: polkit.addRule(function(action, subject) { if (action.id == "org.libvirt.unix.manage" && subject.user == "lolo") { return polkit.Result.YES; } }); polkit.addRule(function(action, subject) { if (action.id.indexOf("org.libvirt.api.domain.") == 0 && subject.user == "lolo") { if (action.lookup("connect_driver") == 'QEMU' && action.lookup("domain_name") == 'debian12') { return polkit.Result.YES; } else { return polkit.Result.NO; } } }); To grant network access, I have to configure the following: polkit.addRule(function(action, subject) { if (action.id.indexOf("org.libvirt.api.network") == 0 && subject.user == "lolo") { return polkit.Result.YES; } }); The problem with the previous configuration is that it allows full access to the network, requiring the following configuration: polkit.addRule(function(action, subject) { if ((action.id == "org.libvirt.api.network.stop" || action.id == "org.libvirt.api.network.delete" || action.id == "org.libvirt.api.network.write") && subject.user == "lolo") { return polkit.Result.NO; } }); By default, shouldn't network access behave like domains or pools, which cannot be deleted? I tested it on Libvirt 9.0.0 and 10.0.0 If you can help me, I would really appreciate it.