Trying to connect once without a polkit agent will generate an error on the
server side which seems too rough given it only serves the purpose of the client
(virsh in this case) to figure out that an agent is needed. Thankfully we can
just try running the agent. It does not break anything as we are running it
with `--fallback`, which makes sure it does not replace an existing agent in
case there is one already registered.
The second piece of code trying to start the polkit text agent is kept in order
to _really_ try out starting the agent (and error out when failing to do so)
just in case the agent was not available the first time it was ran. Even though
it should not happen it avoids a very rare race condition and really does not
add much complexity.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1945501
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
---
tools/virsh.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/tools/virsh.c b/tools/virsh.c
index da35c5c2b9c1..5234a3decb22 100644
--- a/tools/virsh.c
+++ b/tools/virsh.c
@@ -129,6 +129,10 @@ virshConnect(vshControl *ctl, const char *uri, bool readonly)
keepalive_forced = true;
}
+ if (virPolkitAgentAvailable() &&
+ !(pkagent = virPolkitAgentCreate()))
+ virResetLastError();
+
do {
virErrorPtr err;
@@ -140,6 +144,10 @@ virshConnect(vshControl *ctl, const char *uri, bool readonly)
goto cleanup;
err = virGetLastError();
+ /*
+ * If polkit agent failed starting the first time, then retry once more
+ * now when we know it really is needed.
+ */
if (!pkagent &&
err && err->domain == VIR_FROM_POLKIT &&
err->code == VIR_ERR_AUTH_UNAVAILABLE) {
--
2.34.0