[libvirt] [PATCH 07/12] Add a policy kit access control driver
Eric Blake
eblake at redhat.com
Wed May 2 22:40:08 UTC 2012
On 05/02/2012 05:44 AM, Daniel P. Berrange wrote:
> From: "Daniel P. Berrange" <berrange at redhat.com>
>
Sparse on the commit message.
> ---
> po/POTFILES.in | 1 +
> src/Makefile.am | 12 ++-
> src/access/org.libvirt.domain.policy | 37 ++++++++
> src/access/viraccessdriverpolkit.c | 163 ++++++++++++++++++++++++++++++++++
> src/access/viraccessdriverpolkit.h | 28 ++++++
> src/access/viraccessmanager.c | 2 +
> 6 files changed, 241 insertions(+), 2 deletions(-)
> create mode 100644 src/access/org.libvirt.domain.policy
> create mode 100644 src/access/viraccessdriverpolkit.c
> create mode 100644 src/access/viraccessdriverpolkit.h
>
> @@ -536,7 +536,12 @@ ACCESS_DRIVER_SOURCES = \
> access/viraccessmanager.h access/viraccessmanager.c \
> access/viraccessdriver.h \
> access/viraccessdrivernop.h access/viraccessdrivernop.c \
> - access/viraccessdriverstack.h access/viraccessdriverstack.c
> + access/viraccessdriverstack.h access/viraccessdriverstack.c \
> + access/viraccessdriverpolkit.h access/viraccessdriverpolkit.c
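
Review bot: the two polkit files are appended to ACCESS_DRIVER_SOURCES with no conditional in the lines shown, so the driver would be compiled on every build. If it depends on polkit being available at build time, keep these sources in a separate variable that is only added under the matching configure conditional.
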
Sort these lines?
> +++ b/src/access/org.libvirt.domain.policy
> @@ -0,0 +1,37 @@
> +<!DOCTYPE policyconfig PUBLIC
> + "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
> + "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
> +
> +<!--
> +Policy definitions for libvirt daemon
> +
> +Copyright (c) 2007 Daniel P. Berrange <berrange redhat com>
2012
> +
> +libvirt is licensed to you under the GNU Lesser General Public License
> +version 2. See COPYING for details.
LGPLv2 _or later_
> + <action id="org.libvirt.domain.read">
> + <description>Get virtual domain attributes</description>
> + <message>System policy prevents getattr on guest domains</message>
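
Review bot: in the org.libvirt.domain.read action the id says "read", the description says "Get virtual domain attributes" and the message says "getattr"; pick one term, since the message is the text shown to the user when authorization is refused. The quoted lines also stop at <message> with no <defaults> element visible, so confirm the file sets the implicit authorizations for this action explicitly rather than relying on whatever polkit assumes.
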
s/getattr/read/
> +++ b/src/access/viraccessdriverpolkit.c
> +
> + if (virCommandRun(cmd, &status) < 0)
> + goto cleanup;
> +
> + if (status != 0) {
> + char *tmp = virCommandTranslateStatus(status);
> + virAccessError(VIR_ERR_ACCESS_DENIED,
> + _("Policy kit denied action %s from %s: %s"),
> + actionid, process, NULLSTR(tmp));
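
Review bot: the "status != 0" branch reports every non-zero exit of the command as VIR_ERR_ACCESS_DENIED with "Policy kit denied action", so a helper that crashed or exited with an unexpected code is indistinguishable from a real policy denial. Refusing access in both cases is the right fail-closed result, but use a distinct message for statuses that do not mean "not authorized" so the logs show which one happened. Also check that tmp returned by virCommandTranslateStatus() is freed on this path; the quoted lines end before any VIR_FREE(tmp).
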
Given that all we do on failure is report it, should we just use
virCommandRun(cmd, NULL)?
--
Eric Blake eblake at redhat.com +1-919-301-3266
Libvirt virtualization library http://libvirt.org