From 151a0e8c4ce50a8096b1d1cc46277a9831d30b1a Mon Sep 17 00:00:00 2001
Message-Id: <151a0e8c4ce50a8096b1d1cc46277a9831d30b1a.1379193140.git.jdenemar@redhat.com>
From: "Daniel P. Berrange" <berrange@redhat.com>
Date: Thu, 12 Sep 2013 17:34:45 +0100
Subject: [PATCH] Fix polkit permission names for storage pools, vols & node
devices
https://bugzilla.redhat.com/show_bug.cgi?id=700443
The polkit access driver used the wrong permission names for checks
on storage pools, volumes and node devices. This led to them always
being denied access.
The 'dettach' permission was also mis-spelt and should have been
'detach'. While permission names are ABI sensitive, the fact that
the code used the wrong object name for checking node device
permissions, means that no one could have used the mis-spelt
'dettach' permission.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
(cherry picked from commit 621849383ad1aad61fe630184e689f5aca6ab7e0)
---
src/access/viraccessdriverpolkit.c | 6 +++---
src/access/viraccessperm.c | 2 +-
src/access/viraccessperm.h | 2 +-
src/remote/remote_protocol.x | 8 ++++----
4 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/src/access/viraccessdriverpolkit.c b/src/access/viraccessdriverpolkit.c
index 4c76e64..b472bc3 100644
--- a/src/access/viraccessdriverpolkit.c
+++ b/src/access/viraccessdriverpolkit.c
@@ -248,7 +248,7 @@ virAccessDriverPolkitCheckNodeDevice(virAccessManagerPtr manager,
};
return virAccessDriverPolkitCheck(manager,
- "nodedevice",
+ "node-device",
virAccessPermNodeDeviceTypeToString(perm),
attrs);
}
@@ -355,7 +355,7 @@ virAccessDriverPolkitCheckStoragePool(virAccessManagerPtr manager,
virUUIDFormat(pool->uuid, uuidstr);
return virAccessDriverPolkitCheck(manager,
- "pool",
+ "storage-pool",
virAccessPermStoragePoolTypeToString(perm),
attrs);
}
@@ -379,7 +379,7 @@ virAccessDriverPolkitCheckStorageVol(virAccessManagerPtr manager,
virUUIDFormat(pool->uuid, uuidstr);
return virAccessDriverPolkitCheck(manager,
- "vol",
+ "storage-vol",
virAccessPermStorageVolTypeToString(perm),
attrs);
}
diff --git a/src/access/viraccessperm.c b/src/access/viraccessperm.c
index 17f6243..9c720f9 100644
--- a/src/access/viraccessperm.c
+++ b/src/access/viraccessperm.c
@@ -58,7 +58,7 @@ VIR_ENUM_IMPL(virAccessPermNodeDevice,
VIR_ACCESS_PERM_NODE_DEVICE_LAST,
"getattr", "read", "write",
"start", "stop",
- "dettach");
+ "detach");
VIR_ENUM_IMPL(virAccessPermNWFilter,
VIR_ACCESS_PERM_NWFILTER_LAST,
diff --git a/src/access/viraccessperm.h b/src/access/viraccessperm.h
index 2f76c95..fdc461b 100644
--- a/src/access/viraccessperm.h
+++ b/src/access/viraccessperm.h
@@ -427,7 +427,7 @@ typedef enum {
* @desc: Detach node device
* @message: Detaching node device driver requires authorization
*/
- VIR_ACCESS_PERM_NODE_DEVICE_DETTACH,
+ VIR_ACCESS_PERM_NODE_DEVICE_DETACH,
VIR_ACCESS_PERM_NODE_DEVICE_LAST
} virAccessPermNodeDevice;
diff --git a/src/remote/remote_protocol.x b/src/remote/remote_protocol.x
index a1c23da..85ad9ba 100644
--- a/src/remote/remote_protocol.x
+++ b/src/remote/remote_protocol.x
@@ -3696,19 +3696,19 @@ enum remote_procedure {
/**
* @generate: server
- * @acl: node_device:dettach
+ * @acl: node_device:detach
*/
REMOTE_PROC_NODE_DEVICE_DETTACH = 118,
/**
* @generate: server
- * @acl: node_device:dettach
+ * @acl: node_device:detach
*/
REMOTE_PROC_NODE_DEVICE_RE_ATTACH = 119,
/**
* @generate: server
- * @acl: node_device:dettach
+ * @acl: node_device:detach
*/
REMOTE_PROC_NODE_DEVICE_RESET = 120,
@@ -4929,7 +4929,7 @@ enum remote_procedure {
/**
* @generate: server
- * @acl: node_device:dettach
+ * @acl: node_device:detach
*/
REMOTE_PROC_NODE_DEVICE_DETACH_FLAGS = 301,
--
1.8.3.2