render / rpms / libvirt

Forked from rpms/libvirt 9 months ago
Clone
Source Code
GIT

Blame SOURCES/libvirt-Fix-polkit-permission-names-for-storage-pools-vols-node-devices.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8-beta-stream-rhel c8-sig-altarch-stream-rhel c8-stream-rhel c8s-sig-hyperscale c8s-stream-rhel c9 c9-beta c9s-sig-hyperscale libvirt-hyperscale-10.4.0 upgrade-hyperscale-libvirt
  1.   44539dfc946e641cd32d84b13f32894d37a8476c
  2.   SOURCES
  3.   libvirt-Fix-polkit-permission-names-for-storage-pools-vols-node-devices.patch
Blob History Raw
43fe83 
From 151a0e8c4ce50a8096b1d1cc46277a9831d30b1a Mon Sep 17 00:00:00 2001
43fe83 
Message-Id: <151a0e8c4ce50a8096b1d1cc46277a9831d30b1a.1379193140.git.jdenemar@redhat.com>
43fe83 
From: "Daniel P. Berrange" <berrange@redhat.com>
43fe83 
Date: Thu, 12 Sep 2013 17:34:45 +0100
43fe83 
Subject: [PATCH] Fix polkit permission names for storage pools, vols & node
43fe83 
 devices
43fe83
43fe83 
https://bugzilla.redhat.com/show_bug.cgi?id=700443
43fe83
43fe83 
The polkit access driver used the wrong permission names for checks
43fe83 
on storage pools, volumes and node devices. This led to them always
43fe83 
being denied access.
43fe83
43fe83 
The 'dettach' permission was also mis-spelt and should have been
43fe83 
'detach'. While permission names are ABI sensitive, the fact that
43fe83 
the code used the wrong object name for checking node device
43fe83 
permissions, means that no one could have used the mis-spelt
43fe83 
'dettach' permission.
43fe83
43fe83 
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
43fe83 
(cherry picked from commit 621849383ad1aad61fe630184e689f5aca6ab7e0)
43fe83 
---
43fe83 
 src/access/viraccessdriverpolkit.c | 6 +++---
43fe83 
 src/access/viraccessperm.c         | 2 +-
43fe83 
 src/access/viraccessperm.h         | 2 +-
43fe83 
 src/remote/remote_protocol.x       | 8 ++++----
43fe83 
 4 files changed, 9 insertions(+), 9 deletions(-)
43fe83
43fe83 
diff --git a/src/access/viraccessdriverpolkit.c b/src/access/viraccessdriverpolkit.c
43fe83 
index 4c76e64..b472bc3 100644
43fe83 
--- a/src/access/viraccessdriverpolkit.c
43fe83 
+++ b/src/access/viraccessdriverpolkit.c
43fe83 
@@ -248,7 +248,7 @@ virAccessDriverPolkitCheckNodeDevice(virAccessManagerPtr manager,
43fe83 
     };
43fe83
43fe83 
     return virAccessDriverPolkitCheck(manager,
43fe83 
-                                      "nodedevice",
43fe83 
+                                      "node-device",
43fe83 
                                       virAccessPermNodeDeviceTypeToString(perm),
43fe83 
                                       attrs);
43fe83 
 }
43fe83 
@@ -355,7 +355,7 @@ virAccessDriverPolkitCheckStoragePool(virAccessManagerPtr manager,
43fe83 
     virUUIDFormat(pool->uuid, uuidstr);
43fe83
43fe83 
     return virAccessDriverPolkitCheck(manager,
43fe83 
-                                      "pool",
43fe83 
+                                      "storage-pool",
43fe83 
                                       virAccessPermStoragePoolTypeToString(perm),
43fe83 
                                       attrs);
43fe83 
 }
43fe83 
@@ -379,7 +379,7 @@ virAccessDriverPolkitCheckStorageVol(virAccessManagerPtr manager,
43fe83 
     virUUIDFormat(pool->uuid, uuidstr);
43fe83
43fe83 
     return virAccessDriverPolkitCheck(manager,
43fe83 
-                                      "vol",
43fe83 
+                                      "storage-vol",
43fe83 
                                       virAccessPermStorageVolTypeToString(perm),
43fe83 
                                       attrs);
43fe83 
 }
43fe83 
diff --git a/src/access/viraccessperm.c b/src/access/viraccessperm.c
43fe83 
index 17f6243..9c720f9 100644
43fe83 
--- a/src/access/viraccessperm.c
43fe83 
+++ b/src/access/viraccessperm.c
43fe83 
@@ -58,7 +58,7 @@ VIR_ENUM_IMPL(virAccessPermNodeDevice,
43fe83 
               VIR_ACCESS_PERM_NODE_DEVICE_LAST,
43fe83 
               "getattr", "read", "write",
43fe83 
               "start", "stop",
43fe83 
-              "dettach");
43fe83 
+              "detach");
43fe83
43fe83 
 VIR_ENUM_IMPL(virAccessPermNWFilter,
43fe83 
               VIR_ACCESS_PERM_NWFILTER_LAST,
43fe83 
diff --git a/src/access/viraccessperm.h b/src/access/viraccessperm.h
43fe83 
index 2f76c95..fdc461b 100644
43fe83 
--- a/src/access/viraccessperm.h
43fe83 
+++ b/src/access/viraccessperm.h
43fe83 
@@ -427,7 +427,7 @@ typedef enum {
43fe83 
      * @desc: Detach node device
43fe83 
      * @message: Detaching node device driver requires authorization
43fe83 
      */
43fe83 
-    VIR_ACCESS_PERM_NODE_DEVICE_DETTACH,
43fe83 
+    VIR_ACCESS_PERM_NODE_DEVICE_DETACH,
43fe83
43fe83 
     VIR_ACCESS_PERM_NODE_DEVICE_LAST
43fe83 
 } virAccessPermNodeDevice;
43fe83 
diff --git a/src/remote/remote_protocol.x b/src/remote/remote_protocol.x
43fe83 
index a1c23da..85ad9ba 100644
43fe83 
--- a/src/remote/remote_protocol.x
43fe83 
+++ b/src/remote/remote_protocol.x
43fe83 
@@ -3696,19 +3696,19 @@ enum remote_procedure {
43fe83
43fe83 
     /**
43fe83 
      * @generate: server
43fe83 
-     * @acl: node_device:dettach
43fe83 
+     * @acl: node_device:detach
43fe83 
      */
43fe83 
     REMOTE_PROC_NODE_DEVICE_DETTACH = 118,
43fe83
43fe83 
     /**
43fe83 
      * @generate: server
43fe83 
-     * @acl: node_device:dettach
43fe83 
+     * @acl: node_device:detach
43fe83 
      */
43fe83 
     REMOTE_PROC_NODE_DEVICE_RE_ATTACH = 119,
43fe83
43fe83 
     /**
43fe83 
      * @generate: server
43fe83 
-     * @acl: node_device:dettach
43fe83 
+     * @acl: node_device:detach
43fe83 
      */
43fe83 
     REMOTE_PROC_NODE_DEVICE_RESET = 120,
43fe83
43fe83 
@@ -4929,7 +4929,7 @@ enum remote_procedure {
43fe83
43fe83 
     /**
43fe83 
      * @generate: server
43fe83 
-     * @acl: node_device:dettach
43fe83 
+     * @acl: node_device:detach
43fe83 
      */
43fe83 
     REMOTE_PROC_NODE_DEVICE_DETACH_FLAGS = 301,
43fe83
43fe83 
--
43fe83 
1.8.3.2
43fe83

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation