Hi,
Without this patch and without a /etc/libvirt/libvirt.conf config file
the default policy for running the daemon as non root user is still
polkit which is bad. Please apply.
Cheers,
-- Guido
qemud/qemud.c | 16 ++++++++--------
1 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/qemud/qemud.c b/qemud/qemud.c
index 30557e1..9da27d2 100644
--- a/qemud/qemud.c
+++ b/qemud/qemud.c
@@ -1912,6 +1912,14 @@ remoteReadConfigFile (struct qemud_server *server, const char *filename)
char *unix_sock_rw_perms = NULL;
char *unix_sock_group = NULL;
+#if HAVE_POLKIT
+ /* Change the default back to no auth for non-root */
+ if (getuid() != 0 && auth_unix_rw == REMOTE_AUTH_POLKIT)
+ auth_unix_rw = REMOTE_AUTH_NONE;
+ if (getuid() != 0 && auth_unix_ro == REMOTE_AUTH_POLKIT)
+ auth_unix_ro = REMOTE_AUTH_NONE;
+#endif
+
/* Just check the file is readable before opening it, otherwise
* libvirt emits an error.
*/
@@ -1926,14 +1934,6 @@ remoteReadConfigFile (struct qemud_server *server, const char *filename)
GET_CONF_STR (conf, filename, tcp_port);
GET_CONF_STR (conf, filename, listen_addr);
-#if HAVE_POLKIT
- /* Change the default back to no auth for non-root */
- if (getuid() != 0 && auth_unix_rw == REMOTE_AUTH_POLKIT)
- auth_unix_rw = REMOTE_AUTH_NONE;
- if (getuid() != 0 && auth_unix_ro == REMOTE_AUTH_POLKIT)
- auth_unix_ro = REMOTE_AUTH_NONE;
-#endif
-
if (remoteConfigGetAuth(conf, "auth_unix_rw", &auth_unix_rw, filename) < 0)
goto free_and_fail;
#if HAVE_POLKIT
--
1.5.6.3
--
Libvir-list mailing list
Libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
