[PATCH 1/2] Only keep one polkit rules file

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Just tweak it at build time depending on what polkit version we are
building for.
---
 .gitignore                |  1 +
 daemon/Makefile.am        | 16 +++++++++++-----
 daemon/libvirtd.policy-0  | 42 ------------------------------------------
 daemon/libvirtd.policy-1  | 42 ------------------------------------------
 daemon/libvirtd.policy.in | 42 ++++++++++++++++++++++++++++++++++++++++++
 5 files changed, 54 insertions(+), 89 deletions(-)
 delete mode 100644 daemon/libvirtd.policy-0
 delete mode 100644 daemon/libvirtd.policy-1
 create mode 100644 daemon/libvirtd.policy.in

diff --git a/.gitignore b/.gitignore
index 1cd2d45..1b22b92 100644
--- a/.gitignore
+++ b/.gitignore
@@ -55,6 +55,7 @@
 /daemon/libvirtd.init
 /daemon/libvirtd.pod
 /daemon/libvirtd.service
+/daemon/libvirtd.policy
 /daemon/test_libvirtd.aug
 /docs/apibuild.py.stamp
 /docs/devhelp/libvirt.devhelp
diff --git a/daemon/Makefile.am b/daemon/Makefile.am
index 3405c67..f747c48 100644
--- a/daemon/Makefile.am
+++ b/daemon/Makefile.am
@@ -35,8 +35,7 @@ EXTRA_DIST =						\
 	libvirtd.conf					\
 	libvirtd.init.in				\
 	libvirtd.upstart				\
-	libvirtd.policy-0				\
-	libvirtd.policy-1				\
+	libvirtd.policy.in				\
 	libvirtd.sasl					\
 	libvirtd.sysconf				\
 	libvirtd.sysctl					\
@@ -173,13 +172,20 @@ libvirtd_LDADD += ../src/libvirt.la
 if HAVE_POLKIT
 if HAVE_POLKIT0
 policydir = $(datadir)/PolicyKit/policy
-policyfile = libvirtd.policy-0
+policyauth = auth_admin_keep_session
 else
 policydir = $(datadir)/polkit-1/actions
-policyfile = libvirtd.policy-1
+policyauth = auth_admin_keep
 endif
 endif
 
+libvirtd.policy: libvirtd.policy.in $(top_builddir)/config.status
+	$(AM_V_GEN) sed \
+	    -e 's![@]authaction[@]!$(policyauth)!g' \
+	    < $< > $@-t && \
+	mv $@-t $@
+BUILT_SOURCES += libvirtd.policy
+
 install-data-local: install-init-redhat install-init-systemd install-init-upstart \
 		install-data-sasl install-data-polkit \
 		install-logrotate install-sysctl
@@ -197,7 +203,7 @@ uninstall-local:: uninstall-init-redhat uninstall-init-systemd uninstall-init-up
 if HAVE_POLKIT
 install-data-polkit::
 	$(MKDIR_P) $(DESTDIR)$(policydir)
-	$(INSTALL_DATA) $(srcdir)/$(policyfile) $(DESTDIR)$(policydir)/org.libvirt.unix.policy
+	$(INSTALL_DATA) $(srcdir)/libvirtd.policy $(DESTDIR)$(policydir)/org.libvirt.unix.policy
 uninstall-data-polkit::
 	rm -f $(DESTDIR)$(policydir)/org.libvirt.unix.policy
 	rmdir $(DESTDIR)$(policydir) || :
diff --git a/daemon/libvirtd.policy-0 b/daemon/libvirtd.policy-0
deleted file mode 100644
index 5d6845c..0000000
--- a/daemon/libvirtd.policy-0
+++ /dev/null
@@ -1,42 +0,0 @@
-<!DOCTYPE policyconfig PUBLIC
- "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
- "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd";>
-
-<!--
-Policy definitions for libvirt daemon
-
-Copyright (c) 2007 Daniel P. Berrange <berrange redhat com>
-
-libvirt is licensed to you under the GNU Lesser General Public License
-version 2. See COPYING for details.
-
-NOTE: If you make changes to this file, make sure to validate the file
-using the polkit-policy-file-validate(1) tool. Changes made to this
-file are instantly applied.
--->
-
-<policyconfig>
-    <action id="org.libvirt.unix.monitor">
-      <description>Monitor local virtualized systems</description>
-      <message>System policy prevents monitoring of local virtualized systems</message>
-      <defaults>
-        <!-- Any program can use libvirt in read-only mode for monitoring,
-             even if not part of a session -->
-        <allow_any>yes</allow_any>
-        <allow_inactive>yes</allow_inactive>
-        <allow_active>yes</allow_active>
-      </defaults>
-    </action>
-
-    <action id="org.libvirt.unix.manage">
-      <description>Manage local virtualized systems</description>
-      <message>System policy prevents management of local virtualized systems</message>
-      <defaults>
-        <!-- Only a program in the active host session can use libvirt in
-             read-write mode for management, and we require user password -->
-        <allow_any>auth_admin</allow_any>
-        <allow_inactive>auth_admin</allow_inactive>
-        <allow_active>auth_admin_keep_session</allow_active>
-      </defaults>
-    </action>
-</policyconfig>
diff --git a/daemon/libvirtd.policy-1 b/daemon/libvirtd.policy-1
deleted file mode 100644
index c2bec1f..0000000
--- a/daemon/libvirtd.policy-1
+++ /dev/null
@@ -1,42 +0,0 @@
-<!DOCTYPE policyconfig PUBLIC
- "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
- "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd";>
-
-<!--
-Policy definitions for libvirt daemon
-
-Copyright (c) 2007 Daniel P. Berrange <berrange redhat com>
-
-libvirt is licensed to you under the GNU Lesser General Public License
-version 2. See COPYING for details.
-
-NOTE: If you make changes to this file, make sure to validate the file
-using the polkit-policy-file-validate(1) tool. Changes made to this
-file are instantly applied.
--->
-
-<policyconfig>
-    <action id="org.libvirt.unix.monitor">
-      <description>Monitor local virtualized systems</description>
-      <message>System policy prevents monitoring of local virtualized systems</message>
-      <defaults>
-        <!-- Any program can use libvirt in read-only mode for monitoring,
-             even if not part of a session -->
-        <allow_any>yes</allow_any>
-        <allow_inactive>yes</allow_inactive>
-        <allow_active>yes</allow_active>
-      </defaults>
-    </action>
-
-    <action id="org.libvirt.unix.manage">
-      <description>Manage local virtualized systems</description>
-      <message>System policy prevents management of local virtualized systems</message>
-      <defaults>
-        <!-- Only a program in the active host session can use libvirt in
-             read-write mode for management, and we require user password -->
-        <allow_any>auth_admin</allow_any>
-        <allow_inactive>auth_admin</allow_inactive>
-        <allow_active>auth_admin_keep</allow_active>
-      </defaults>
-    </action>
-</policyconfig>
diff --git a/daemon/libvirtd.policy.in b/daemon/libvirtd.policy.in
new file mode 100644
index 0000000..45b0d79
--- /dev/null
+++ b/daemon/libvirtd.policy.in
@@ -0,0 +1,42 @@
+<!DOCTYPE policyconfig PUBLIC
+ "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd";>
+
+<!--
+Policy definitions for libvirt daemon
+
+Copyright (c) 2007 Daniel P. Berrange <berrange redhat com>
+
+libvirt is licensed to you under the GNU Lesser General Public License
+version 2. See COPYING for details.
+
+NOTE: If you make changes to this file, make sure to validate the file
+using the polkit-policy-file-validate(1) tool. Changes made to this
+file are instantly applied.
+-->
+
+<policyconfig>
+    <action id="org.libvirt.unix.monitor">
+      <description>Monitor local virtualized systems</description>
+      <message>System policy prevents monitoring of local virtualized systems</message>
+      <defaults>
+        <!-- Any program can use libvirt in read-only mode for monitoring,
+             even if not part of a session -->
+        <allow_any>yes</allow_any>
+        <allow_inactive>yes</allow_inactive>
+        <allow_active>yes</allow_active>
+      </defaults>
+    </action>
+
+    <action id="org.libvirt.unix.manage">
+      <description>Manage local virtualized systems</description>
+      <message>System policy prevents management of local virtualized systems</message>
+      <defaults>
+        <!-- Only a program in the active host session can use libvirt in
+             read-write mode for management, and we require user password -->
+        <allow_any>auth_admin</allow_any>
+        <allow_inactive>auth_admin</allow_inactive>
+        <allow_active>@authaction@</allow_active>
+      </defaults>
+    </action>
+</policyconfig>
-- 
1.7.11.4

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list


[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]