On 05/02/2012 05:44 AM, Daniel P. Berrange wrote: > From: "Daniel P. Berrange" <berrange@xxxxxxxxxx> > Sparse on the commit message. > --- > po/POTFILES.in | 1 + > src/Makefile.am | 12 ++- > src/access/org.libvirt.domain.policy | 37 ++++++++ > src/access/viraccessdriverpolkit.c | 163 ++++++++++++++++++++++++++++++++++ > src/access/viraccessdriverpolkit.h | 28 ++++++ > src/access/viraccessmanager.c | 2 + > 6 files changed, 241 insertions(+), 2 deletions(-) > create mode 100644 src/access/org.libvirt.domain.policy > create mode 100644 src/access/viraccessdriverpolkit.c > create mode 100644 src/access/viraccessdriverpolkit.h > > @@ -536,7 +536,12 @@ ACCESS_DRIVER_SOURCES = \ > access/viraccessmanager.h access/viraccessmanager.c \ > access/viraccessdriver.h \ > access/viraccessdrivernop.h access/viraccessdrivernop.c \ > - access/viraccessdriverstack.h access/viraccessdriverstack.c > + access/viraccessdriverstack.h access/viraccessdriverstack.c \ > + access/viraccessdriverpolkit.h access/viraccessdriverpolkit.c Sort these lines? > +++ b/src/access/org.libvirt.domain.policy > @@ -0,0 +1,37 @@ > +<!DOCTYPE policyconfig PUBLIC > + "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN" > + "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd";> > + > +<!-- > +Policy definitions for libvirt daemon > + > +Copyright (c) 2007 Daniel P. Berrange <berrange redhat com> 2012 > + > +libvirt is licensed to you under the GNU Lesser General Public License > +version 2. See COPYING for details. LGPLv2 _or later_ > + <action id="org.libvirt.domain.read"> > + <description>Get virtual domain attributes</description> > + <message>System policy prevents getattr on guest domains</message> s/getattr/read/ > +++ b/src/access/viraccessdriverpolkit.c > + > + if (virCommandRun(cmd, &status) < 0) > + goto cleanup; > + > + if (status != 0) { > + char *tmp = virCommandTranslateStatus(status); > + virAccessError(VIR_ERR_ACCESS_DENIED, > + _("Policy kit denied action %s from %s: %s"), > + actionid, process, NULLSTR(tmp)); Given that all we do on failure is report it, should we just use virCommandRun(cmd, NULL)? -- Eric Blake eblake@xxxxxxxxxx +1-919-301-3266 Libvirt virtualization library http://libvirt.org
Attachment:
signature.asc
Description: OpenPGP digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list