Re: [PATCH v3 3/3] virsh: Add support for text based polkit authentication

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Feb 12, 2016 at 12:12:33PM -0500, John Ferlan wrote:
> https://bugzilla.redhat.com/show_bug.cgi?id=872166
> 
> When the login session doesn't have an ssh -X type display agent in
> order for libvirtd to run the polkit session authentication, attempts
> to run 'virsh -c qemu:///system list' from an unauthorized user (or one
> that isn't part of the libvirt /etc/group) will fail with the following
> error from libvirtd:
> 
> error: authentication unavailable: no polkit agent available to
>        authenticate action 'org.libvirt.unix.manage'
> 
> In order to handle the local authentication, we will use the new
> virPolkitAgentCreate API in order to create a text based authentication
> agent for our non readonly session to authenticate with.
> 
> The new code will execute in a loop allowing 5 failures to authenticate
> before failing out.
> 
> With this patch in place, the following occurs:
> 
> $ virsh -c qemu:///system list
> ==== AUTHENTICATING FOR org.libvirt.unix.manage ===
> System policy prevents management of local virtualized systems
> Authenticating as: Some User (SUser)
> Password:
> ==== AUTHENTICATION COMPLETE ===
>  Id    Name                           State
>  ----------------------------------------------------
>   1     somedomain                     running
> 
> $
> 
> Signed-off-by: John Ferlan <jferlan@xxxxxxxxxx>
> ---
>  tools/virsh.c | 38 ++++++++++++++++++++++++++++++++++----
>  tools/virsh.h |  2 ++
>  2 files changed, 36 insertions(+), 4 deletions(-)

ACK, though it'd need updating based on my comment on #2

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list



[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]