On Fri, Feb 12, 2016 at 12:12:33PM -0500, John Ferlan wrote: > https://bugzilla.redhat.com/show_bug.cgi?id=872166 > > When the login session doesn't have an ssh -X type display agent in > order for libvirtd to run the polkit session authentication, attempts > to run 'virsh -c qemu:///system list' from an unauthorized user (or one > that isn't part of the libvirt /etc/group) will fail with the following > error from libvirtd: > > error: authentication unavailable: no polkit agent available to > authenticate action 'org.libvirt.unix.manage' > > In order to handle the local authentication, we will use the new > virPolkitAgentCreate API in order to create a text based authentication > agent for our non readonly session to authenticate with. > > The new code will execute in a loop allowing 5 failures to authenticate > before failing out. > > With this patch in place, the following occurs: > > $ virsh -c qemu:///system list > ==== AUTHENTICATING FOR org.libvirt.unix.manage === > System policy prevents management of local virtualized systems > Authenticating as: Some User (SUser) > Password: > ==== AUTHENTICATION COMPLETE === > Id Name State > ---------------------------------------------------- > 1 somedomain running > > $ > > Signed-off-by: John Ferlan <jferlan@xxxxxxxxxx> > --- > tools/virsh.c | 38 ++++++++++++++++++++++++++++++++++---- > tools/virsh.h | 2 ++ > 2 files changed, 36 insertions(+), 4 deletions(-) ACK, though it'd need updating based on my comment on #2 Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list