99cbc7
From 773d0240b0d5678f0183eed75dbef7e60d54e3f8 Mon Sep 17 00:00:00 2001
99cbc7
Message-Id: <773d0240b0d5678f0183eed75dbef7e60d54e3f8@dist-git>
99cbc7
From: John Ferlan <jferlan@redhat.com>
99cbc7
Date: Wed, 3 Apr 2019 07:28:30 -0400
99cbc7
Subject: [PATCH] qemu: Set identity for the reconnect all thread
99cbc7
99cbc7
https://bugzilla.redhat.com/show_bug.cgi?id=1631622
99cbc7
99cbc7
If polkit authentication is enabled, an attempt to open
99cbc7
the connection failed during virAccessDriverPolkitGetCaller
99cbc7
when the call to virIdentityGetCurrent returned NULL resulting
99cbc7
in the errors:
99cbc7
99cbc7
  virAccessDriverPolkitGetCaller:87 : access denied:
99cbc7
  Policy kit denied action org.libvirt.api.connect.getattr from <anonymous>
99cbc7
99cbc7
Because qemuProcessReconnect runs in a thread during
99cbc7
daemonRunStateInit processing it doesn't have the thread
99cbc7
local identity. Thus when the virGetConnectNWFilter is
99cbc7
called as part of the qemuProcessFiltersInstantiate when
99cbc7
virDomainConfNWFilterInstantiate is run the attempt to get
99cbc7
the idenity fails and results in the anonymous error above.
99cbc7
99cbc7
To fix this, let's grab/use the virIdenityPtr of the process
99cbc7
that will be creating the thread, e.g. what daemonRunStateInit
99cbc7
has set and use that for our thread. That way any other similar
99cbc7
processing that uses/requires an identity for any other call
99cbc7
that would have previously been successfully run won't fail in
99cbc7
a similar manner.
99cbc7
99cbc7
Signed-off-by: John Ferlan <jferlan@redhat.com>
99cbc7
(cherry picked from commit b04b82f8cb671f067bad2d5e922acf88f13f0934)
99cbc7
Message-Id: <20190403112830.13099-1-jferlan@redhat.com>
99cbc7
Reviewed-by: Erik Skultety <eskultet@redhat.com>
99cbc7
---
99cbc7
 src/qemu/qemu_process.c | 7 +++++++
99cbc7
 1 file changed, 7 insertions(+)
99cbc7
99cbc7
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
99cbc7
index 485e455a44..6945d76b18 100644
99cbc7
--- a/src/qemu/qemu_process.c
99cbc7
+++ b/src/qemu/qemu_process.c
99cbc7
@@ -81,6 +81,7 @@
99cbc7
 #include "netdev_bandwidth_conf.h"
99cbc7
 #include "virresctrl.h"
99cbc7
 #include "virvsock.h"
99cbc7
+#include "viridentity.h"
99cbc7
 
99cbc7
 #define VIR_FROM_THIS VIR_FROM_QEMU
99cbc7
 
99cbc7
@@ -7621,6 +7622,7 @@ qemuProcessRefreshCPU(virQEMUDriverPtr driver,
99cbc7
 struct qemuProcessReconnectData {
99cbc7
     virQEMUDriverPtr driver;
99cbc7
     virDomainObjPtr obj;
99cbc7
+    virIdentityPtr identity;
99cbc7
 };
99cbc7
 /*
99cbc7
  * Open an existing VM's monitor, re-detect VCPU threads
99cbc7
@@ -7657,6 +7659,8 @@ qemuProcessReconnect(void *opaque)
99cbc7
     virCapsPtr caps = NULL;
99cbc7
     bool retry = true;
99cbc7
 
99cbc7
+    virIdentitySetCurrent(data->identity);
99cbc7
+    virObjectUnref(data->identity);
99cbc7
     VIR_FREE(data);
99cbc7
 
99cbc7
     qemuDomainObjRestoreJob(obj, &oldjob);
99cbc7
@@ -7878,6 +7882,7 @@ qemuProcessReconnect(void *opaque)
99cbc7
     virObjectUnref(cfg);
99cbc7
     virObjectUnref(caps);
99cbc7
     virNWFilterUnlockFilterUpdates();
99cbc7
+    virIdentitySetCurrent(NULL);
99cbc7
     return;
99cbc7
 
99cbc7
  error:
99cbc7
@@ -7915,6 +7920,7 @@ qemuProcessReconnectHelper(virDomainObjPtr obj,
99cbc7
 
99cbc7
     memcpy(data, src, sizeof(*data));
99cbc7
     data->obj = obj;
99cbc7
+    data->identity = virIdentityGetCurrent();
99cbc7
 
99cbc7
     virNWFilterReadLockFilterUpdates();
99cbc7
 
99cbc7
@@ -7938,6 +7944,7 @@ qemuProcessReconnectHelper(virDomainObjPtr obj,
99cbc7
 
99cbc7
         virDomainObjEndAPI(&obj);
99cbc7
         virNWFilterUnlockFilterUpdates();
99cbc7
+        virObjectUnref(data->identity);
99cbc7
         VIR_FREE(data);
99cbc7
         return -1;
99cbc7
     }
99cbc7
-- 
99cbc7
2.21.0
99cbc7