1. Patchew
  2. Libvirt
  3. View series

[PATCH] qemu/dbus: Allow connections from root to the dbus-daemon

Martin Kletzander via Devel posted 1 patch 1 month, 1 week ago 
src/qemu/qemu_dbus.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
[PATCH] qemu/dbus: Allow connections from root to the dbus-daemon
Posted by Martin Kletzander via Devel 1 month, 1 week ago 
From: Martin Kletzander <mkletzan@redhat.com>

In commit dbfb96d18c04 libvirt started connecting to the daemon to set
RDP credentials, but our configuration file did not allow connections
from the root user, so the connection failed and the VM failed to start.

In order to avoid such issue allow root to connect if the daemon is
running privileged.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
---
 src/qemu/qemu_dbus.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/qemu/qemu_dbus.c b/src/qemu/qemu_dbus.c
index a9e2fb0fe231..625884ad467f 100644
--- a/src/qemu/qemu_dbus.c
+++ b/src/qemu/qemu_dbus.c
@@ -116,7 +116,7 @@ qemuDBusConnect(virQEMUDriver *driver,
 
 
 static int
-qemuDBusWriteConfig(const char *filename, const char *path)
+qemuDBusWriteConfig(const char *filename, const char *path, bool privileged)
 {
     g_auto(virBuffer) buf = VIR_BUFFER_INITIALIZER;
     g_autofree char *config = NULL;
@@ -138,6 +138,9 @@ qemuDBusWriteConfig(const char *filename, const char *path)
     virBufferAddLit(&buf, "<allow eavesdrop='true'/>\n");
     virBufferAddLit(&buf, "<!-- Allow anyone to own anything -->\n");
     virBufferAddLit(&buf, "<allow own='*'/>\n");
+    if (privileged)
+        virBufferAddLit(&buf, "<allow user='root'/>\n");
+
     virBufferAdjustIndent(&buf, -2);
     virBufferAddLit(&buf, "</policy>\n");
 
@@ -242,7 +245,7 @@ qemuDBusStart(virQEMUDriver *driver,
     configfile = qemuDBusCreateConfPath(cfg, shortName);
     sockpath = qemuDBusCreateSocketPath(cfg, shortName);
 
-    if (qemuDBusWriteConfig(configfile, sockpath) < 0) {
+    if (qemuDBusWriteConfig(configfile, sockpath, driver->privileged) < 0) {
         virReportSystemError(errno, _("Failed to write '%1$s'"), configfile);
         return -1;
     }
-- 
2.48.1
Re: [PATCH] qemu/dbus: Allow connections from root to the dbus-daemon
Posted by Ján Tomko via Devel 1 month, 1 week ago 
On a Thursday in 2025, Martin Kletzander via Devel wrote:
>From: Martin Kletzander <mkletzan@redhat.com>
>
>In commit dbfb96d18c04 libvirt started connecting to the daemon to set
>RDP credentials, but our configuration file did not allow connections
>from the root user, so the connection failed and the VM failed to start.
>
>In order to avoid such issue allow root to connect if the daemon is
>running privileged.
>
>Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
>---
> src/qemu/qemu_dbus.c | 7 +++++--
> 1 file changed, 5 insertions(+), 2 deletions(-)
>

Reviewed-by: Ján Tomko <jtomko@redhat.com>

Jano

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.