[libvirt] PATCH: DOn't use policykit if running non-root
If the libvirtd daemon is running as non-root (ie a regular user) then there is no point in defaulting policykit, since only clients of same user account are able to connect to the UNIX socket anyway. This removes the pointless login prompt when using qemu:///session. Daniel diff -r 9a457b847ffc qemud/qemud.c --- a/qemud/qemud.c Tue Jul 08 16:17:52 2008 +0100 +++ b/qemud/qemud.c Wed Jul 09 09:24:53 2008 +0100 @@ -1926,6 +1926,14 @@ GET_CONF_STR (conf, filename, tcp_port); GET_CONF_STR (conf, filename, listen_addr); +#if HAVE_POLKIT + /* Change the default back to no auth for non-root */ + if (getuid() != 0 && auth_unix_rw == REMOTE_AUTH_POLKIT) + auth_unix_rw = REMOTE_AUTH_NONE; + if (getuid() != 0 && auth_unix_ro == REMOTE_AUTH_POLKIT) + auth_unix_ro = REMOTE_AUTH_NONE; +#endif + if (remoteConfigGetAuth(conf, "auth_unix_rw", &auth_unix_rw, filename) < 0) goto free_and_fail; #if HAVE_POLKIT -- |: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :| |: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
On Wed, Jul 09, 2008 at 09:36:00AM +0100, Daniel P. Berrange wrote:
If the libvirtd daemon is running as non-root (ie a regular user) then there is no point in defaulting policykit, since only clients of same user account are able to connect to the UNIX socket anyway. This removes the pointless login prompt when using qemu:///session.
Ah, that's the reason ! +1 Daniel -- Red Hat Virtualization group http://redhat.com/virtualization/ Daniel Veillard | virtualization library http://libvirt.org/ veillard@redhat.com | libxml GNOME XML XSLT toolkit http://xmlsoft.org/ http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/
participants (2)
-
Daniel P. Berrange -
Daniel Veillard