Hi, Without this patch and without a /etc/libvirt/libvirt.conf config file the default policy for running the daemon as non root user is still polkit which is bad. Please apply. Cheers, -- Guido
qemud/qemud.c | 16 ++++++++-------- 1 files changed, 8 insertions(+), 8 deletions(-) diff --git a/qemud/qemud.c b/qemud/qemud.c index 30557e1..9da27d2 100644 --- a/qemud/qemud.c +++ b/qemud/qemud.c @@ -1912,6 +1912,14 @@ remoteReadConfigFile (struct qemud_server *server, const char *filename) char *unix_sock_rw_perms = NULL; char *unix_sock_group = NULL; +#if HAVE_POLKIT + /* Change the default back to no auth for non-root */ + if (getuid() != 0 && auth_unix_rw == REMOTE_AUTH_POLKIT) + auth_unix_rw = REMOTE_AUTH_NONE; + if (getuid() != 0 && auth_unix_ro == REMOTE_AUTH_POLKIT) + auth_unix_ro = REMOTE_AUTH_NONE; +#endif + /* Just check the file is readable before opening it, otherwise * libvirt emits an error. */ @@ -1926,14 +1934,6 @@ remoteReadConfigFile (struct qemud_server *server, const char *filename) GET_CONF_STR (conf, filename, tcp_port); GET_CONF_STR (conf, filename, listen_addr); -#if HAVE_POLKIT - /* Change the default back to no auth for non-root */ - if (getuid() != 0 && auth_unix_rw == REMOTE_AUTH_POLKIT) - auth_unix_rw = REMOTE_AUTH_NONE; - if (getuid() != 0 && auth_unix_ro == REMOTE_AUTH_POLKIT) - auth_unix_ro = REMOTE_AUTH_NONE; -#endif - if (remoteConfigGetAuth(conf, "auth_unix_rw", &auth_unix_rw, filename) < 0) goto free_and_fail; #if HAVE_POLKIT -- 1.5.6.3
-- Libvir-list mailing list Libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list