[PATCH 7/7] util: Make client-side polkit work even with polkit disabled
Daniel P. Berrangé
berrange at redhat.com
Mon Nov 22 10:07:39 UTC 2021
On Mon, Nov 22, 2021 at 11:03:53AM +0100, Martin Kletzander wrote:
> On Mon, Nov 22, 2021 at 09:23:01AM +0000, Daniel P. Berrangé wrote:
> > On Sun, Nov 21, 2021 at 12:10:08AM +0100, Martin Kletzander wrote:
> > > The reason for this is twofold:
> > >
> > > - the polkit build option is documented for UNIX socket access checks
> > >
> > > - there is no server-side change or dbus call done when enabling this as it only
> > > starts a polkit agent on the client-side (actually only in virsh) and does not
> > > need any requirements (starting is skipped if pkttyagent is not installed)
> > >
> > > Also move the conditional implementation to the bottom of the file so that it
> > > does not look like the whole file is build conditionally and the common
> > > functions are at the top.
> >
> > Does this still work correctly on Windows if we try by default ?
> >
>
> Any call to virPolkitAgentAvailable() should return false on Windows
> unless PKTTYAGENT (/usr/bin/pkttyagent) exists. While thinking about it
> now I will change that virFileExists() call to virFileIsExecutable() to
> catch even more possible issues. Anyway since that should return false
> on Windows (and I hope my presumptions are correct) then
> virPolkitAgentCreate() should report an error, just like it would
> without this patch if connecting to polkit-guarded libvirtd socket
> (e.g. through ssh). It should actually return a better error with this
> patch applied.
>
> And ctermid() is a POSIX function, not sure what that returns on
> windows, but it should not even get there as the first check is done
> against the existence/executability of PKTTYAGENT.
ctermid() doesn't exist in Windows, so it shouldn't even compile if we
try to build with it ! A conditional willbe needed I expect.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
More information about the libvir-list
mailing list