blob: fac69bd2a6a2c7323ef55a85aacc2390c1069c4f (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
|
// Allow members of the `wheel` group to manage libvirt (start/stop VMs,
// edit domains, attach devices) without a polkit password prompt.
// This single-user system already trusts wheel for administrative work
// via sudo-rs; libvirt's polkit gate is a separate path that does not
// honour sudoers, so a polkit rule is the idiomatic fix.
polkit.addRule(function (action, subject) {
if (
action.id == "org.libvirt.unix.manage" &&
subject.isInGroup("wheel")
) {
return polkit.Result.YES;
}
});
|
