Este arquivo como regra do polkit
function myFunction(username, virtualmachine) {
var arr = virtualmachine.split("*");
if(arr[0]==username){
return true;
}
else{
return false;
}
}
// Allow passwordless connection to qemu:///system
polkit.addRule(function(action, subject) {
if (action.id == "org.libvirt.unix.manage")
{
return polkit.Result.YES;
}
});
// Give full access to 'vm'
polkit.addRule(function(action, subject) {
if (action.id.indexOf("org.libvirt.api.domain.") == 0 ) {
if (action.lookup("connect_driver") == 'QEMU' && myFunction(subject.user, action.lookup("domain_name"))) {
polkit.log("vm=" + action.lookup("domain_name") + "action =>"+myFunction(subject.user, action.lookup("domain_name")));
polkit.log("subject=" + subject);
polkit.log("ok");
return polkit.Result.YES;
} else {
return polkit.Result.NO;
}
}
});
aqui a vm no formato
username*vmname
esta vm só é acessível para o usuário correspondente
PS this is only primitive rule that is you can't create a new pool or modify it ,etc., therefore furthure development of rule is required