$ cat test.py
import os
import sys
import libvirt
def drop_tty():
    if os.fork() != 0:
        os._exit(0)
    os.setsid()
host = sys.argv[1]
# Need to drop controlling tty otherwise SSH won't call askpass
drop_tty()
libvirt.open("qemu+ssh://root@%s/system" % host)
$ python test.py localhost
<askpass pops up>
$ sudo python test.py localhost
libvir: RPC error : Cannot recv data: No protocol specified
(ssh-askpass:25684): Gtk-WARNING **: cannot open display: :0.0
: Connection reset by peered.
Traceback (most recent call last):
  File "test.py", line 14, in <module>
    libvirt.open("qemu+ssh://root@%s/system" % host)
  File "/usr/lib64/python2.7/site-packages/libvirt.py", line 236, in open
    if ret is None:raise libvirtError('virConnectOpen() failed')
libvirt.libvirtError: Cannot recv data: No protocol specified
(ssh-askpass:25684): Gtk-WARNING **: cannot open display: :0.0
: Connection reset by peered.
virt-manager does drop_tty by default so that users will get askpass if
applicable. However, as shown above, doing sudo virt-manager prevents this from
working. The following libvirt patch makes everything work:
diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c
index d4c0bdd..ad1c02e 100644
--- a/src/rpc/virnetsocket.c
+++ b/src/rpc/virnetsocket.c
@@ -606,7 +606,8 @@ int virNetSocketNewConnectSSH(const char *nodename,
virCommandAddEnvPass(cmd, "SSH_AUTH_SOCK");
virCommandAddEnvPass(cmd, "SSH_ASKPASS");
virCommandAddEnvPass(cmd, "DISPLAY");
- virCommandClearCaps(cmd);
+ virCommandAddEnvPass(cmd, "XAUTHORITY");
+ //virCommandClearCaps(cmd);
if (service)
virCommandAddArgList(cmd, "-p", service, NULL);
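Review bot: In virNetSocketNewConnectSSH the virCommandClearCaps(cmd) call is disabled with a // comment, which, going by the function's name, means the spawned ssh command no longer has its capabilities cleared for any SSH connection, not only the sudo plus askpass case, and the code keeps no record of why. Suggest splitting the change: the virCommandAddEnvPass(cmd, "XAUTHORITY") line fits beside the existing DISPLAY and SSH_ASKPASS pass-throughs and can stand on its own, while removing the caps clearing should be a separate patch that deletes the line rather than commenting it out and explains in the commit message what fails for ssh-askpass when caps are cleared. If the clearing can be kept for the non-askpass case, a conditional would be narrower than removing it outright.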
However I assume that's too heavy handed. Anyone have thoughts?
FYI I don't think this is a regression or anything, since the original BZ was
against RHEL 6.1 which doesn't have the new RPC code:
https://bugzilla.redhat.com/show_bug.cgi?id=700523
Thanks,
Cole