[libvirt] PATCH: Support PolicyKit 1.0
Mark McLoughlin
markmc at redhat.com
Mon Aug 10 13:59:29 UTC 2009
On Thu, 2009-08-06 at 13:39 +0100, Daniel P. Berrange wrote:
> In the seriously annoying way of things, the newest PolicyKit in Fedora 12
> has been completely re-written from scratch with a totally incompatible
> application facing API. Conceptually it is still pretty similar though,
> with the exception that client applications no longer need to explicitly
> launch an auth dialog - that's done out-of-band by policykit itself.
>
> This patch adjusts libvirtd to the new API, and removes the libvirt client
> side code that spawned the auth helper. On the libvirtd side avoid their
> APIs and instead spawn an external auth checking program 'pkcheck', which
> returns 0 on success, non-0 for denial.
>
> In the final annoying bit, the XML format for the policy has remained with
> exactly the same DTD version, except that it has quietly changed the allowed
> values for some attributes in an incompatible manner. So I have to add a
> new policy file too.
>
> NB, it may not look like we've changed the client side, but we have, since
> the #ifdef for the external auth agent is no longer set.
Okay, I've only given this a fairly cursory look over, but it seems
fairly straightforward and correct. ACK.
At least the new code is simpler ...
Cheers,
Mark.
More information about the libvir-list
mailing list