On 09/11/2013 07:24 AM, Daniel P. Berrange wrote: > From: "Daniel P. Berrange" <[email protected]> > > The polkit access driver used the wrong permission names for checks > on storage pools, volumes and node devices. This led to them always > being denied access. > > Signed-off-by: Daniel P. Berrange <[email protected]> > --- > src/access/viraccessdriverpolkit.c | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-)
I had to do some hunting, but I found that:
src/access/genpolkit.pl defines
my @objects = (
"CONNECT", "DOMAIN", "INTERFACE",
"NETWORK","NODE_DEVICE", "NWFILTER",
"SECRET", "STORAGE_POOL", "STORAGE_VOL",
);
which in turn results in src/access/org.libvirt.api.policy generated
with entries such as:
<action id="org.libvirt.api.node-device.dettach">
[Ugg - did we REALLY mean to mis-spell detach? Is it too late to fix that?]
>
> diff --git a/src/access/viraccessdriverpolkit.c
> b/src/access/viraccessdriverpolkit.c
> index 4c76e64..b472bc3 100644
> --- a/src/access/viraccessdriverpolkit.c
> +++ b/src/access/viraccessdriverpolkit.c
> @@ -248,7 +248,7 @@ virAccessDriverPolkitCheckNodeDevice(virAccessManagerPtr
> manager,
> };
>
> return virAccessDriverPolkitCheck(manager,
> - "nodedevice",
> + "node-device",
Therefore, this is correct (as are the other two name fixes.
ACK.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
signature.asc
Description: OpenPGP digital signature
-- libvir-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/libvir-list
