From: "Daniel P. Berrange" <berrange@xxxxxxxxxx> The polkit access driver will want to use the process start time field. This was already set for network identities, but not for the system identity. Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx> --- src/util/viridentity.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/src/util/viridentity.c b/src/util/viridentity.c index 03c375b..f681f85 100644 --- a/src/util/viridentity.c +++ b/src/util/viridentity.c @@ -35,6 +35,7 @@ #include "virthread.h" #include "virutil.h" #include "virstring.h" +#include "virprocess.h" #define VIR_FROM_THIS VIR_FROM_IDENTITY @@ -142,11 +143,20 @@ virIdentityPtr virIdentityGetSystem(void) security_context_t con; #endif char *processid = NULL; + unsigned long long timestamp; + char *processtime = NULL; if (virAsprintf(&processid, "%llu", (unsigned long long)getpid()) < 0) goto cleanup; + if (virProcessGetStartTime(getpid(), ×tamp) < 0) + goto cleanup; + + if (timestamp != 0 && + virAsprintf(&processtime, "%llu", timestamp) < 0) + goto cleanup; + if (!(username = virGetUserName(getuid()))) goto cleanup; if (virAsprintf(&userid, "%d", (int)getuid()) < 0) @@ -198,6 +208,11 @@ virIdentityPtr virIdentityGetSystem(void) VIR_IDENTITY_ATTR_UNIX_PROCESS_ID, processid) < 0) goto error; + if (processtime && + virIdentitySetAttr(ret, + VIR_IDENTITY_ATTR_UNIX_PROCESS_TIME, + processtime) < 0) + goto error; cleanup: VIR_FREE(username); @@ -206,6 +221,7 @@ cleanup: VIR_FREE(groupid); VIR_FREE(seccontext); VIR_FREE(processid); + VIR_FREE(processtime); return ret; error: -- 1.8.3.1 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list