Re: [libvirt] [PATCH] qemud: move check for polkit before config file check
On Tue, Jul 29, 2008 at 11:11:16AM +0100, Daniel P. Berrange wrote:
> On Sat, Jul 26, 2008 at 07:02:59PM -0400, Guido Günther wrote:
> > Hi,
> > Without this patch and without a /etc/libvirt/libvirt.conf config file
> > the default policy for running the daemon as non root user is still
> > polkit which is bad. Please apply.
>
> Urgh, yes there's a hidden 'return' statement on the same line as the
> conditional access check further up causing this to be skipped when
> no config is present.

okidoc, applied and committed, thanks !

Daniel

--
Red Hat Virtualization group http://redhat.com/virtualization/
Daniel Veillard      | virtualization library http://libvirt.org/
[EMAIL PROTECTED]    | libxml GNOME XML XSLT toolkit http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/

--
Libvir-list mailing list
Libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] qemud: move check for polkit before config file check
On Sat, Jul 26, 2008 at 07:02:59PM -0400, Guido Günther wrote:
> Hi,
> Without this patch and without a /etc/libvirt/libvirt.conf config file
> the default policy for running the daemon as non root user is still
> polkit which is bad. Please apply.

Urgh, yes there's a hidden 'return' statement on the same line as the
conditional access check further up causing this to be skipped when
no config is present.

ACK

Daniel

--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
[libvirt] [PATCH] qemud: move check for polkit before config file check
Hi,
Without this patch and without a /etc/libvirt/libvirt.conf config file
the default policy for running the daemon as non root user is still
polkit which is bad. Please apply.

Cheers,
 -- Guido

qemud/qemud.c | 16 1 files changed, 8 insertions(+), 8 deletions(-) diff --git a/qemud/qemud.c b/qemud/qemud.c index 30557e1..9da27d2 100644 --- a/qemud/qemud.c +++ b/qemud/qemud.c @@ -1912,6 +1912,14 @@ remoteReadConfigFile (struct qemud_server *server, const char *filename) char *unix_sock_rw_perms = NULL; char *unix_sock_group = NULL; +#if HAVE_POLKIT +/* Change the default back to no auth for non-root */ +if (getuid() != 0 && auth_unix_rw == REMOTE_AUTH_POLKIT) +auth_unix_rw = REMOTE_AUTH_NONE; +if (getuid() != 0 && auth_unix_ro == REMOTE_AUTH_POLKIT) +auth_unix_ro = REMOTE_AUTH_NONE; +#endif + /* Just check the file is readable before opening it, otherwise * libvirt emits an error. */ @@ -1926,14 +1934,6 @@ remoteReadConfigFile (struct qemud_server *server, const char *filename) GET_CONF_STR (conf, filename, tcp_port); GET_CONF_STR (conf, filename, listen_addr); -#if HAVE_POLKIT -/* Change the default back to no auth for non-root */ -if (getuid() != 0 && auth_unix_rw == REMOTE_AUTH_POLKIT) -auth_unix_rw = REMOTE_AUTH_NONE; -if (getuid() != 0 && auth_unix_ro == REMOTE_AUTH_POLKIT) -auth_unix_ro = REMOTE_AUTH_NONE; -#endif - if (remoteConfigGetAuth(conf, "auth_unix_rw", &auth_unix_rw, filename) < 0) goto free_and_fail; #if HAVE_POLKIT -- 1.5.6.3
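Review bot: In the first hunk (@@ -1912,6 +1912,14 @@), the comment on the added block does not say why it has to sit above the "Just check the file is readable before opening it" check, and the two added tests each call getuid() separately. Extending the comment to state that the reset must also take effect when no config file exists (the case the cover note describes), and folding both assignments under a single `if (getuid() != 0)`, would keep a later cleanup from moving the block back below that check. As placed, remoteReadConfigFile now changes auth_unix_rw and auth_unix_ro even when it ends up reading no file, which is worth a line in the function's own comment.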
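Review bot: In the second hunk (@@ -1926,14 +1934,6 @@), once the reset is removed from between the GET_CONF_STR calls and the remoteConfigGetAuth call for "auth_unix_rw", nothing at this spot tells a reader that the value passed in may already have been changed from REMOTE_AUTH_POLKIT to REMOTE_AUTH_NONE for a non-root user; a one-line comment above that call pointing at the top of the function would help. The diffstat shows only qemud/qemud.c changed, so the no-config-file path stays untested; a check that a non-root start without a config file ends with REMOTE_AUTH_NONE for both sockets, and that an explicit auth_unix_rw value in the file still overrides it, would guard against this ordering regressing.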