On 09/11/2013 07:24 AM, Daniel P. Berrange wrote:
> From: "Daniel P. Berrange" <berrange@xxxxxxxxxx>
>
> The polkit access driver used the wrong permission names for checks
> on storage pools, volumes and node devices. This led to them always
> being denied access.
>
> Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
> ---
> src/access/viraccessdriverpolkit.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
I had to do some hunting, but I found that:
src/access/genpolkit.pl defines
my @objects = (
"CONNECT", "DOMAIN", "INTERFACE",
"NETWORK","NODE_DEVICE", "NWFILTER",
"SECRET", "STORAGE_POOL", "STORAGE_VOL",
);
which in turn results in src/access/org.libvirt.api.policy generated
with entries such as:
<action id="org.libvirt.api.node-device.dettach">
[Ugg - did we REALLY mean to mis-spell detach? Is it too late to fix that?]
>
> diff --git a/src/access/viraccessdriverpolkit.c b/src/access/viraccessdriverpolkit.c
> index 4c76e64..b472bc3 100644
> --- a/src/access/viraccessdriverpolkit.c
> +++ b/src/access/viraccessdriverpolkit.c
> @@ -248,7 +248,7 @@ virAccessDriverPolkitCheckNodeDevice(virAccessManagerPtr manager,
> };
>
> return virAccessDriverPolkitCheck(manager,
> - "nodedevice",
> + "node-device",
Therefore, this is correct (as are the other two name fixes.
ACK.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
Attachment:
signature.asc
Description: OpenPGP digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list