Re: [PATCH 7/7] util: Make client-side polkit work even with polkit disabled
On Mon, Nov 22, 2021 at 09:23:01AM +0000, Daniel P. Berrangé wrote:
On Sun, Nov 21, 2021 at 12:10:08AM +0100, Martin Kletzander wrote:
> The reason for this is twofold:
>
> - the polkit build option is documented for UNIX socket access checks
>
> - there is no server-side change or dbus call done when enabling this as it only
> starts a polkit agent on the client-side (actually only in virsh) and does not
> need any requirements (starting is skipped if pkttyagent is not installed)
>
> Also move the conditional implementation to the bottom of the file so that it
> does not look like the whole file is build conditionally and the common
> functions are at the top.
Does this still work correctly on Windows if we try by default ?
Any call to virPolkitAgentAvailable() should return false on Windows
unless PKTTYAGENT (/usr/bin/pkttyagent) exists. While thinking about it
now I will change that virFileExists() call to virFileIsExecutable() to
catch even more possible issues. Anyway since that should return false
on Windows (and I hope my presumptions are correct) then
virPolkitAgentCreate() should report an error, just like it would
without this patch if connecting to polkit-guarded libvirtd socket
(e.g. through ssh). It should actually return a better error with this
patch applied.
And ctermid() is a POSIX function, not sure what that returns on
windows, but it should not even get there as the first check is done
against the existence/executability of PKTTYAGENT.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
Attachments:
- signature.asc (application/pgp-signature — 833 bytes)