On 05/11/2017 05:04 PM, John Ferlan wrote:
> https://bugzilla.redhat.com/show_bug.cgi?id=1374126
>
> Due to how the processing for authentication using polkit works, the
> virshConnect code must first "attempt" a virConnectOpenAuth and then
> check for a "special" return error code VIR_ERR_AUTH_UNAVAILABLE in
> order to attempt to "retry" the authentication after performing a creation
> of a pkttyagent to handle the challenge/response for the client.
>
> However, if pkttyagent creation is not possible for the authentication
> being attempted (such as perhaps a "qemu+ssh://someuser@localhost/system"),
> then the same failure pattern would be returned and another attempt to
> create a pkttyagent would be done. This would continue "forever" until
> someone forced quit (e.g. ctrl-c) from virsh as the 'authfail' was not
> incremented when creating the pkttyagent.
>
> So add an 'agentCreated' boolean to track if we've attempted to create the
> agent at least once and force a failure if that creation returned the same
> error pattern.
>
> This resolves a possible never ending loop and will generate an error:
>
> error: failed to connect to the hypervisor
> error: authentication unavailable: no polkit agent available to authenticate action 'org.libvirt.unix.manage'
>
> NB: If the authentication was for a sufficiently privileged client, such as
> qemu+ssh://root@localhost/system, then the remoteDispatchAuthList "allows"
> the authentication to use libvirt since @callerUid would be 0.
>
> Signed-off-by: John Ferlan <jferlan@xxxxxxxxxx>
> ---
>  tools/virsh.c | 5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)

ACK

Michal

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
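The retry pattern described in the commit message above, as an added, simplified model (not code from tools/virsh.c or from the patch). All names here (`open_result`, `open_local`, `open_remote_unprivileged`, `connect_with_retry`, `max_attempts`) are hypothetical stand-ins, and the attempt cap exists only so the unguarded variant can be run to completion.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical stand-ins for this sketch; not libvirt's API. */
enum open_result { OPEN_OK, OPEN_AUTH_UNAVAILABLE, OPEN_OTHER_ERROR };
typedef enum open_result (*open_fn)(bool agent_running);

/* Transport where a local agent can answer the polkit challenge. */
static enum open_result open_local(bool agent_running) {
    return agent_running ? OPEN_OK : OPEN_AUTH_UNAVAILABLE;
}

/* Transport where a local agent never helps (the non-root qemu+ssh case). */
static enum open_result open_remote_unprivileged(bool agent_running) {
    (void)agent_running;
    return OPEN_AUTH_UNAVAILABLE;
}

/* Returns the number of open attempts made, negated if the connection failed.
 * max_attempts is only a safety net so the unguarded variant terminates. */
static int connect_with_retry(open_fn do_open, bool track_agent, int max_attempts) {
    bool agent_running = false;
    bool agent_created = false;
    int attempts = 0;

    while (attempts < max_attempts) {
        enum open_result r = do_open(agent_running);
        attempts++;
        if (r == OPEN_OK)
            return attempts;
        if (r != OPEN_AUTH_UNAVAILABLE)
            return -attempts;
        /* Same error after the agent was already started: give up. */
        if (track_agent && agent_created)
            return -attempts;
        agent_running = true;   /* models starting pkttyagent */
        agent_created = true;
    }
    return -attempts;  /* the unguarded loop only stops at the safety cap */
}

int main(void) {
    printf("local, guarded:    %d\n", connect_with_retry(open_local, true, 1000));
    printf("remote, guarded:   %d\n", connect_with_retry(open_remote_unprivileged, true, 1000));
    printf("remote, unguarded: %d\n", connect_with_retry(open_remote_unprivileged, false, 1000));
    return 0;
}
```

With the guard, the remote case fails after the second attempt; without it, the loop runs until the artificial cap, which corresponds to the "forever" behaviour the commit message describes.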