From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <guix-patches-bounces+larch=yhetil.org@gnu.org>
Received: from mp1 ([2001:41d0:8:6d80::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by ms11 with LMTPS
	id YEGsKtnSLmAPLQAA0tVLHw
	(envelope-from <guix-patches-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Thu, 18 Feb 2021 20:49:29 +0000
Received: from aspmx1.migadu.com ([2001:41d0:8:6d80::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by mp1 with LMTPS
	id wGR9JtnSLmCcfwAAbx9fmQ
	(envelope-from <guix-patches-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Thu, 18 Feb 2021 20:49:29 +0000
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by aspmx1.migadu.com (Postfix) with ESMTPS id 311B7120F3
	for <larch@yhetil.org>; Thu, 18 Feb 2021 21:49:29 +0100 (CET)
Received: from localhost ([::1]:46118 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <guix-patches-bounces+larch=yhetil.org@gnu.org>)
	id 1lCqEp-0006s6-Rk
	for larch@yhetil.org; Thu, 18 Feb 2021 15:49:27 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10]:54448)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1lCqER-0006rN-6k
 for guix-patches@gnu.org; Thu, 18 Feb 2021 15:49:03 -0500
Received: from debbugs.gnu.org ([209.51.188.43]:36653)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1lCqEQ-0007zp-Un
 for guix-patches@gnu.org; Thu, 18 Feb 2021 15:49:02 -0500
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1lCqEQ-00052c-TQ
 for guix-patches@gnu.org; Thu, 18 Feb 2021 15:49:02 -0500
X-Loop: help-debbugs@gnu.org
Subject: [bug#46623] [PATCH 2/4] services: libvirt: Change unix-sock-group
 default.
Resent-From: Brice Waegeneire <brice@waegenei.re>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: guix-patches@gnu.org
Resent-Date: Thu, 18 Feb 2021 20:49:02 +0000
Resent-Message-ID: <handler.46623.B46623.161368130619302@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 46623
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: 46623@debbugs.gnu.org
Received: via spool by 46623-submit@debbugs.gnu.org id=B46623.161368130619302
 (code B ref 46623); Thu, 18 Feb 2021 20:49:02 +0000
Received: (at 46623) by debbugs.gnu.org; 18 Feb 2021 20:48:26 +0000
Received: from localhost ([127.0.0.1]:48192 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1lCqDq-00051B-7s
 for submit@debbugs.gnu.org; Thu, 18 Feb 2021 15:48:26 -0500
Received: from relay1-d.mail.gandi.net ([217.70.183.193]:60171)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <brice@waegenei.re>) id 1lCqDn-00050b-RQ
 for 46623@debbugs.gnu.org; Thu, 18 Feb 2021 15:48:24 -0500
X-Originating-IP: 176.181.186.101
Received: from localhost (i15-les02-ntr-176-181-186-101.sfr.lns.abo.bbox.fr
 [176.181.186.101]) (Authenticated sender: brice@waegenei.re)
 by relay1-d.mail.gandi.net (Postfix) with ESMTPSA id 42D39240005
 for <46623@debbugs.gnu.org>; Thu, 18 Feb 2021 20:48:16 +0000 (UTC)
From: Brice Waegeneire <brice@waegenei.re>
Date: Thu, 18 Feb 2021 21:48:10 +0100
Message-Id: <20210218204812.21093-2-brice@waegenei.re>
X-Mailer: git-send-email 2.30.1
In-Reply-To: <87zh015d48.fsf@waegenei.re>
References: <87zh015d48.fsf@waegenei.re>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: guix-patches@gnu.org
List-Id: <guix-patches.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/guix-patches>
List-Post: <mailto:guix-patches@gnu.org>
List-Help: <mailto:guix-patches-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=subscribe>
Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org
Sender: "Guix-patches" <guix-patches-bounces+larch=yhetil.org@gnu.org>
X-Migadu-Flow: FLOW_IN
X-Migadu-Spam-Score: 2.63
Authentication-Results: aspmx1.migadu.com;
	dkim=none;
	dmarc=none;
	spf=pass (aspmx1.migadu.com: domain of guix-patches-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-patches-bounces@gnu.org
X-Migadu-Queue-Id: 311B7120F3
X-Spam-Score: 2.63
X-Migadu-Scanner: scn0.migadu.com
X-TUID: XfoDjfqZ8VnN

When accessing libvrt remotely, polkit can't be used so unless using
the root account it's better give access to the libvirt-sock to the
libvirt group by default.

*
gnu/services/virtualization.scm (libvirt-configuration)[unix-sock-group]:
Change default from "root" to "libvirt".
---
 gnu/services/virtualization.scm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gnu/services/virtualization.scm b/gnu/services/virtualization.scm
index a45da14a80..afc47ff578 100644
--- a/gnu/services/virtualization.scm
+++ b/gnu/services/virtualization.scm
@@ -168,7 +168,7 @@ stopping the Avahi daemon.")
    "Default mDNS advertisement name. This must be unique on the
 immediate broadcast network.")
   (unix-sock-group
-   (string "root")
+   (string "libvirt")
    "UNIX domain socket group ownership. This can be used to
 allow a 'trusted' set of users access to management capabilities
 without becoming root.")
-- 
2.30.1