On 09/11/2013 07:24 AM, Daniel P. Berrange wrote:
From: "Daniel P. Berrange" <berrange@redhat.com>
The polkit access driver used the wrong permission names for checks on storage pools, volumes and node devices. This led to them always being denied access.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- src/access/viraccessdriverpolkit.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
I had to do some hunting, but I found that: src/access/genpolkit.pl defines my @objects = ( "CONNECT", "DOMAIN", "INTERFACE", "NETWORK","NODE_DEVICE", "NWFILTER", "SECRET", "STORAGE_POOL", "STORAGE_VOL", ); which in turn results in src/access/org.libvirt.api.policy generated with entries such as: <action id="org.libvirt.api.node-device.dettach"> [Ugg - did we REALLY mean to mis-spell detach? Is it too late to fix that?]
diff --git a/src/access/viraccessdriverpolkit.c b/src/access/viraccessdriverpolkit.c index 4c76e64..b472bc3 100644 --- a/src/access/viraccessdriverpolkit.c +++ b/src/access/viraccessdriverpolkit.c @@ -248,7 +248,7 @@ virAccessDriverPolkitCheckNodeDevice(virAccessManagerPtr manager, };
return virAccessDriverPolkitCheck(manager, - "nodedevice", + "node-device",
Therefore, this is correct (as are the other two name fixes. ACK. -- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org