Bug 426425

Summary: auth_unix_r[ow] = "none" still uses Policykit
Product: [Fedora] Fedora
Reporter: Soren Hansen <soren>
Component: libvirt
Assignee: Daniel Veillard <veillard>
Status: CLOSED UPSTREAM
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low
Priority: low
Version: rawhide
CC: berrange
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2008-02-11 11:31:37 EST

Description Soren Hansen 2007-12-20 17:48:50 EST
Description of problem:

If libvirt is built with policykit support, there's no way to actually disable it.

The docs say that auth_unix_r[wo] = "none" should make it just use the unix
socket permissions, but that is not the case.

Version-Release number of selected component (if applicable): 0.4.0

How reproducible:

Steps to Reproduce:
1. Compile libvirt with policykit support
2. Set auth_unix_ro = "none" and auth_unix_rw = "none" in libvirtd.conf
3. Fire up libvirtd
4. virsh will fail
5. "polkit-grant org.libvirt.unix.manage" blahblahblah
6. virsh now works.
Comment 1 Daniel Berrange 2007-12-20 19:10:40 EST
Stupid bug alert:

__virConfReadFile(const char *filename)
    char content[4096];
    fd = open(filename, O_RDONLY);
    len = read(fd, content, sizeof(content));
    return(virConfParse(filename, content, len));

# ls -l /etc/libvirt/libvirtd.conf
-rw-r--r-- 1 root root 6653 2007-12-20 19:03 /etc/libvirt/libvirtd.conf

Just remove some of the copious comments from the default config file and your
'auth_unix_rw' setting will be honoured just fine.
Comment 2 Daniel Veillard 2008-02-11 11:31:37 EST
BTW that bug has been fixed in libvirt CVS; though it's not yet included
in a release, it will be in the next one.

Mon Jan  7 10:19:00 EST 2008 Daniel P. Berrange <berrange@redhat.com>
        * src/conf.c: Use virFileReadAll() to avoid truncating config

Comment 3 Daniel Berrange 2008-02-11 11:36:51 EST
Actually I did fix it in F-8 and rawhide - not the same patch as upstream - just
added a really trivial change to make the array 8192 bytes instead of 4096

* Wed Jan  2 2008 Daniel P. Berrange <berrange@redhat.com> - 0.4.0-2.fc8
- Fix reading large config files (rhbz #426425)

* Wed Jan  2 2008 Daniel P. Berrange <berrange@redhat.com> - 0.4.0-2.fc9
- Fix reading large config files (rhbz #426425)

The proper fix can wait till the next official upstream release.
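
Added example (not libvirt's code and not its virFileReadAll()): the single read() into a 4096-byte array from comment 1, next to a reader that loops to EOF and fails outright when the file exceeds a caller-chosen limit, so a security setting near the end of the file is either seen or the load is refused. The names read_all and setting_seen, the file name sample-libvirtd.conf (written to the current directory) and the filler content are assumptions made for this sketch; only the sizes 4096 and 6653 come from the report.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Read to EOF, growing the buffer; -1 if the file exceeds max_len (no prefix returned). */
static ssize_t read_all(const char *path, size_t max_len, char **out) {
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    size_t cap = 4096, len = 0;
    char *buf = malloc(cap + 1);
    while (buf) {
        ssize_t n = read(fd, buf + len, cap - len);
        if (n < 0) { if (errno == EINTR) continue; break; }
        if (n == 0) { buf[len] = '\0'; close(fd); *out = buf; return (ssize_t)len; }
        len += (size_t)n;
        if (len > max_len) break;            /* too large: refuse, do not truncate */
        if (len < cap) continue;
        char *t = realloc(buf, (cap *= 2) + 1);
        if (!t) break;
        buf = t;
    }
    free(buf);
    close(fd);
    return -1;
}
/* Constructed sample: 6653-byte file, setting on the last line. Returns 1/0/-1 (read failed). */
static int setting_seen(int whole_file, size_t max_len) {
    const char *path = "sample-libvirtd.conf", *key = "auth_unix_rw = \"none\"\n";
    FILE *f = fopen(path, "w");
    if (!f) return -1;
    for (size_t i = 0, pad = 6653 - strlen(key); i < pad; i++) fputc(i % 2 ? '#' : '\n', f);
    fputs(key, f);
    fclose(f);
    char fixed[4096 + 1] = {0}, *all = NULL;
    int fd = whole_file ? -1 : open(path, O_RDONLY);   /* comment 1's pattern: one read() */
    ssize_t n = whole_file ? read_all(path, max_len, &all) : read(fd, fixed, 4096);
    if (fd >= 0) close(fd);
    int seen = n < 0 ? -1 : strstr(whole_file ? all : fixed, key) != NULL;
    free(all);
    remove(path);
    return seen;
}

int main(void) {
    printf("%d %d %d\n", setting_seen(0, 0), setting_seen(1, 1 << 20), setting_seen(1, 4096));
    return 0;
}
```

The three values printed are for the single 4096-byte read, read_all with a 1 MiB limit, and read_all with the limit set to 4096 bytes.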