On Thu, Feb 11, 2016 at 06:38:14PM -0500, John Ferlan wrote:
> https://bugzilla.redhat.com/show_bug.cgi?id=872166
>
> When the login session doesn't have an ssh -X type display agent in
> order for libvirtd to run the polkit session authentication, attempts
> to run 'virsh -c qemu:///system list'
On Fri, Feb 12, 2016 at 07:53:40AM -0500, John Ferlan wrote:
>
>
> On 02/12/2016 06:57 AM, Daniel P. Berrange wrote:
> > On Fri, Feb 12, 2016 at 06:49:22AM -0500, John Ferlan wrote:
> >> [...]
> >>
> +err = virGetLastError();
> +if (err && strstr(err->message,
> +
[...]
>> +err = virGetLastError();
>> +if (err && strstr(err->message,
>> + _("no agent is available to authenticate"))) {
>
>> +if (!pkagent) {
>> +if (!(pkagent = virPolkitAgentCreate()))
>> +goto cleanup;
On 02/12/2016 06:57 AM, Daniel P. Berrange wrote:
> On Fri, Feb 12, 2016 at 06:49:22AM -0500, John Ferlan wrote:
>> [...]
>>
+err = virGetLastError();
+if (err && strstr(err->message,
+ _("no agent is available to authenticate"))) {
>>>
On Fri, Feb 12, 2016 at 06:49:22AM -0500, John Ferlan wrote:
> [...]
>
> >> +err = virGetLastError();
> >> +if (err && strstr(err->message,
> >> + _("no agent is available to authenticate"))) {
> >
> >> +if (!pkagent) {
> >> +
On 02/12/2016 08:22 AM, Daniel P. Berrange wrote:
> On Fri, Feb 12, 2016 at 07:53:40AM -0500, John Ferlan wrote:
>>
>>
>> On 02/12/2016 06:57 AM, Daniel P. Berrange wrote:
>>> On Fri, Feb 12, 2016 at 06:49:22AM -0500, John Ferlan wrote:
[...]
>> +err = virGetLastError();
On Fri, Feb 12, 2016 at 10:04:58AM -0500, John Ferlan wrote:
>
>
> On 02/12/2016 08:22 AM, Daniel P. Berrange wrote:
> > On Fri, Feb 12, 2016 at 07:53:40AM -0500, John Ferlan wrote:
> >>
> >>
> >> On 02/12/2016 06:57 AM, Daniel P. Berrange wrote:
> >>> On Fri, Feb 12, 2016 at 06:49:22AM -0500,
https://bugzilla.redhat.com/show_bug.cgi?id=872166
When the login session doesn't have an ssh -X type display agent in
order for libvirtd to run the polkit session authentication, attempts
to run 'virsh -c qemu:///system list' from an unauthorized user (or one
that isn't part of the libvirt