
base repository: NixOS/nixpkgs
base: 2b51171fb6ea
head repository: NixOS/nixpkgs
compare: 9a29fe5808ce
  • 3 commits
  • 2 files changed
  • 2 contributors

Commits on May 13, 2020

    741c8c2 View commit details
    056ab3d View commit details
  3. Merge pull request #87576 from xtruder/pkgs/libvirtd/polkit

    libvirtd: polkit integration, security fixes
    offlinehacker authored May 13, 2020

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    9a29fe5 View commit details
Showing with 14 additions and 6 deletions.
  1. +11 −4 nixos/modules/virtualisation/libvirtd.nix
  2. +3 −2 pkgs/development/libraries/libvirt/default.nix
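--- a/nixos/modules/virtualisation/libvirtd.nix
+++ b/nixos/modules/virtualisation/libvirtd.nix
@@ -7,10 +7,8 @@ let
 cfg = config.virtualisation.libvirtd;
 vswitch = config.virtualisation.vswitch;
 configFile = pkgs.writeText "libvirtd.conf" ''
-unix_sock_group = "libvirtd"
-unix_sock_rw_perms = "0770"
-auth_unix_ro = "none"
-auth_unix_rw = "none"
+auth_unix_ro = "polkit"
+auth_unix_rw = "polkit"
 ${cfg.extraConfig}
 '';
 qemuConfigFile = pkgs.writeText "qemu.conf" ''
@@ -269,5 +267,14 @@ in {
 
 systemd.sockets.libvirtd .wantedBy = [ "sockets.target" ];
 systemd.sockets.libvirtd-tcp.wantedBy = [ "sockets.target" ];
+
+security.polkit.extraConfig = ''
+polkit.addRule(function(action, subject) {
+if (action.id == "org.libvirt.unix.manage" &&
+subject.isInGroup("libvirtd")) {
+return polkit.Result.YES;
+}
+});
+'';
 };
 }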
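Review bot: `${cfg.extraConfig}` is still appended after the new `auth_unix_ro`/`auth_unix_rw = "polkit"` lines in the first hunk, so an existing override can switch socket authentication off again now that the `unix_sock_group`/`unix_sock_rw_perms` restriction is gone. As far as I recall libvirt relaxes the default mode of the read-write socket when polkit support is built in, which would make such an override expose full management to every local user; an assertion or a warning in the option description would catch it. Nothing in the visible hunks sets `security.polkit.enable`, so the second hunk should probably add `security.polkit.enable = true;` beside the rule, otherwise the rule may never be loaded and non-root clients are refused. I would also put a comment above the rule, e.g. `# libvirtd group members get passwordless full management, i.e. root-equivalent access to the host`. The `let` block and the `config` attribute set both begin outside the hunks shown.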
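--- a/pkgs/development/libraries/libvirt/default.nix
+++ b/pkgs/development/libraries/libvirt/default.nix
@@ -4,7 +4,7 @@
 , iproute, iptables, readline, lvm2, utillinux, systemd, libpciaccess, gettext
 , libtasn1, ebtables, libgcrypt, yajl, pmutils, libcap_ng, libapparmor
 , dnsmasq, libnl, libpcap, libxslt, xhtml1, numad, numactl, perlPackages
-, curl, libiconv, gmp, zfs, parted, bridge-utils, dmidecode
+, curl, libiconv, gmp, zfs, parted, bridge-utils, dmidecode, dbus
 , enableXen ? false, xen ? null
 , enableIscsi ? false, openiscsi
 , enableCeph ? false, ceph
@@ -36,7 +36,7 @@ in stdenv.mkDerivation rec {
 nativeBuildInputs = [ makeWrapper pkgconfig docutils ] ++ optionals (!buildFromTarball) [ autoreconfHook ];
 buildInputs = [
 libxml2 gnutls perl python2 readline gettext libtasn1 libgcrypt yajl
-libxslt xhtml1 perlPackages.XMLXPath curl libpcap glib
+libxslt xhtml1 perlPackages.XMLXPath curl libpcap glib dbus
 ] ++ optionals stdenv.isLinux [
 libpciaccess lvm2 utillinux systemd libnl numad zfs
 libapparmor libcap_ng numactl attr parted
@@ -74,6 +74,7 @@ in stdenv.mkDerivation rec {
 "--with-test"
 "--with-esx"
 "--with-remote"
+"--with-polkit"
 ] ++ optionals stdenv.isLinux [
 "QEMU_BRIDGE_HELPER=/run/wrappers/bin/qemu-bridge-helper"
 "QEMU_PR_HELPER=/run/libvirt/nix-helpers/qemu-pr-helper"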
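Review bot: `"--with-polkit"` in the last hunk lands in the unconditional part of the flag list, above `] ++ optionals stdenv.isLinux [`, and `dbus` is likewise added to the unconditional `buildInputs` in the second hunk. polkit is a Linux facility, so non-Linux builds of this derivation now request it explicitly and may fail at configure time. Moving the flag and `dbus` into the existing `optionals stdenv.isLinux` lists would leave those builds unaffected. Both lists start outside the hunks shown, so this is inferred from the closing brackets only.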