@@ -247,11 +247,25 @@ EOF

             LIBVIRT_DAEMON=libvirtd

         fi

-        # For distributions using polkit to authorize access to libvirt,

-        # configure polkit accordingly.

-        # Based on http://wiki.libvirt.org/page/SSHPolicyKitSetup

+

+

         if is_fedora; then

-            sudo bash -c 'cat <<EOF >/etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla

+            # Starting with fedora 18 enable stack-user to virsh -c qemu:///system

+            # by creating a policy-kit rule for stack-user

+            if [[ "$os_RELEASE" -ge "18" ]]; then

+                rules_dir=/etc/polkit-1/rules.d

+                sudo mkdir -p $rules_dir

+                sudo bash -c "cat <<EOF > $rules_dir/50-libvirt-$STACK_USER.rules

+polkit.addRule(function(action, subject) {

+     if (action.id == 'org.libvirt.unix.manage' &&

+         subject.user == '"$STACK_USER"') {

+         return polkit.Result.YES;

+     }

+});

+EOF"

+                unset rules_dir

+            else

+                sudo bash -c 'cat <<EOF >/etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla

 [libvirt Management Access]

 Identity=unix-group:libvirtd

 Action=org.libvirt.unix.manage

@@ -259,6 +273,7 @@ ResultAny=yes

 ResultInactive=yes

 ResultActive=yes

 EOF'

+            fi

         elif is_suse; then

             # Work around the fact that polkit-default-privs overrules pklas

             # with 'unix-group:$group'.