libvirtd: polkit integration, security fixes #87576
Conversation
Nit: 2nd commit should have "nixos/libvirtd" prefix.
fixed, thanks

@GrahamcOfBorg build libvirt
I will merge this as it presents a security issue, where it is very easy to compromise a NixOS workstation running libvirtd. I have also been using libvirt for some time with this configuration without any issues.
Good catch. I will create a new pull request that explicitly enables polkit.

Can this be backported?
Motivation for this change

Currently, if the libvirtd module is enabled, anyone can access the libvirtd socket (not only read-only), since the sockets have wide read and write permissions. This is by design, since in most distros polkit is enabled and polkit does the auth/authz checks. In NixOS (polkit) auth was disabled and it was thought security was enforced by `unix_sock_rw_perms`, but it was not, since the sockets were created by systemd with wide-open permissions. Anyway, enabling polkit authorization fixes all that and enables additional rules to be created. A default rule is that anyone with access to the `libvirtd` group has access to libvirt, which is the same as in other distros.
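An added example, not part of this pull request or of nixpkgs: the polkit rule that implements the default described above (members of the `libvirtd` group may manage libvirt), together with a small stand-in for polkitd's JavaScript rule environment so the rule's decision can be checked offline. The action id `org.libvirt.unix.manage` is libvirt's real polkit action; the rules.d file path and the stand-in `polkit` object are assumptions made for the example.

```javascript
// Added example: the libvirtd-group polkit rule, evaluated against a
// constructed stand-in for polkitd's `polkit` global (not real polkitd code).
const polkit = {
  Result: { YES: "yes", NO: "no", NOT_HANDLED: "not_handled" },
  _rules: [],
  addRule(fn) { this._rules.push(fn); },
  // Run rules in registration order; the first rule that returns something
  // other than NOT_HANDLED (or undefined) decides. If no rule decides, polkitd
  // falls back to the action's built-in default (auth_admin for manage).
  evaluate(action, subject) {
    for (const rule of this._rules) {
      const r = rule(action, subject);
      if (r !== undefined && r !== this.Result.NOT_HANDLED) return r;
    }
    return this.Result.NOT_HANDLED;
  },
};

// The rule itself, in the form it would take in a file such as
// /etc/polkit-1/rules.d/50-libvirt.rules (path is an assumption):
// members of the libvirtd group get management access, everyone else falls
// through to polkit's default, which asks for admin authentication.
polkit.addRule(function (action, subject) {
  if (action.id === "org.libvirt.unix.manage" && subject.isInGroup("libvirtd")) {
    return polkit.Result.YES;
  }
  return polkit.Result.NOT_HANDLED;
});

// Constructed subject: a local user with a list of supplementary groups.
function makeSubject(user, groups) {
  return { user, isInGroup: (g) => groups.includes(g) };
}

// Returns the rule outcome for one (action, user, groups) combination.
function decide(actionId, user, groups) {
  return polkit.evaluate({ id: actionId }, makeSubject(user, groups));
}

// Stand-alone demonstration with constructed users.
console.log(decide("org.libvirt.unix.manage", "alice", ["users", "libvirtd"])); // yes
console.log(decide("org.libvirt.unix.manage", "bob", ["users"]));              // not_handled
```

Only the manage action is handled here; monitor (read-only) requests fall through to polkit's defaults unless a separate rule covers them.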