[libvirt] [PATCH] polkit: reintroduce check for pkcheck

Ján Tomko posted 1 patch 6 years ago
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/libvirt tags/patchew/57606ab368823cd7647d92cc5df0c7b1a2690fac.1521829113.git.jtomko@redhat.com
Test syntax-check passed
m4/virt-polkit.m4 | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
[libvirt] [PATCH] polkit: reintroduce check for pkcheck
Posted by Ján Tomko 6 years ago
Commit 2499d1a0 was too eager and possibly enabled polkit
on all platforms with D-Bus, regardless of whether they use polkit.

Reintroduce the usage of pkcheck as a witness for --with-polkit=check,
but do not require it for --with-polkit=yes.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reported-by: Jiří Denemark <jdenemar@redhat.com>
---
 m4/virt-polkit.m4 | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/m4/virt-polkit.m4 b/m4/virt-polkit.m4
index fd729dc98..16889e163 100644
--- a/m4/virt-polkit.m4
+++ b/m4/virt-polkit.m4
@@ -25,8 +25,17 @@ AC_DEFUN([LIBVIRT_ARG_POLKIT], [
 AC_DEFUN([LIBVIRT_CHECK_POLKIT], [
   AC_REQUIRE([LIBVIRT_CHECK_DBUS])
 
+  if test "x$with_polkit" = "xcheck"; then
+    dnl For --with-polkit=check, also require the pkcheck binary, even
+    dnl though we talk to polkit directly over D-Bus.
+    AC_PATH_PROG([PKCHECK_PATH], [pkcheck], [], [$LIBVIRT_SBIN_PATH])
+    if test "x$PKCHECK_PATH" = "x" ; then
+        with_polkit="no"
+    fi
+  fi
+
   if test "x$with_polkit" = "xyes" || test "x$with_polkit" = "xcheck"; then
-    dnl All we need to talk to polkit is D-Bus.
+    dnl For --with-polkit=yes, all we need is D-Bus.
     if test "x$with_dbus" = "xyes" ; then
       AC_DEFINE_UNQUOTED([WITH_POLKIT], 1,
           [use PolicyKit for UNIX socket access checks])
-- 
2.16.1

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] polkit: reintroduce check for pkcheck
Posted by Andrea Bolognani 6 years ago
On Fri, 2018-03-23 at 19:20 +0100, Ján Tomko wrote:
> Commit 2499d1a0 was too eager and possibly enabled polkit
> on all platforms with D-Bus, regardless of whether they use polkit.
> 
> Reintroduce the usage of pkcheck as a witness for --with-polkit=check,
> but do not require it for --with-polkit=yes.
> 
> Signed-off-by: Ján Tomko <jtomko@redhat.com>
> Reported-by: Jiří Denemark <jdenemar@redhat.com>
> ---
>  m4/virt-polkit.m4 | 11 ++++++++++-
>  1 file changed, 10 insertions(+), 1 deletion(-)

Reviewed-by: Andrea Bolognani <abologna@redhat.com>

-- 
Andrea Bolognani / Red Hat / Virtualization

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list