Bug 426425 - auth_unix_r[ow] = "none" still uses Policykit
Product: Fedora
Classification: Fedora
Component: libvirt
All Linux
low Severity low
Assigned To: Daniel Veillard
Fedora Extras Quality Assurance
Reported: 2007-12-20 17:48 EST by Soren Hansen
Modified: 2008-02-11 11:36 EST
Doc Type: Bug Fix
Last Closed: 2008-02-11 11:31:37 EST
Description Soren Hansen 2007-12-20 17:48:50 EST
Description of problem:

If libvirt is built with policykit support, there's no way to actually disable it.

The docs say that auth_unix_r[wo] = "none" should make it just use the unix
socket permissions, but that is not the case.

Version-Release number of selected component (if applicable): 0.4.0

How reproducible:

Steps to Reproduce:
1. Compile libvirt with policykit support
2. Set auth_unix_ro = "none" and auth_unix_rw = "none" in libvirtd.conf
3. Fire up libvirtd
4. virsh will fail
5. "polkit-grant org.libvirt.unix.manage" blahblahblah
6. virsh now works.
Comment 1 Daniel Berrange 2007-12-20 19:10:40 EST
Stupid bug alert:

__virConfReadFile(const char *filename)
    char content[4096];
    fd = open(filename, O_RDONLY);
    len = read(fd, content, sizeof(content));
    return(virConfParse(filename, content, len));

# ls -l /etc/libvirt/libvirtd.conf
-rw-r--r-- 1 root root 6653 2007-12-20 19:03 /etc/libvirt/libvirtd.conf

Just remove some of the copious comments from the default config file and your
'auth_unix_rw' setting will be honoured just fine.
Comment 2 Daniel Veillard 2008-02-11 11:31:37 EST
BTW that bug has been fixed in libvirt CVS; though it's not yet included
in a release, it will be in the next one.

Mon Jan  7 10:19:00 EST 2008 Daniel P. Berrange <berrange@redhat.com>
        * src/conf.c: Use virFileReadAll() to avoid truncating config

Comment 3 Daniel Berrange 2008-02-11 11:36:51 EST
Actually I did fix it in F-8 and rawhide - not the same patch as upstream - just
added a really trivial change to make the array 8192 bytes instead of 4096

* Wed Jan  2 2008 Daniel P. Berrange <berrange@redhat.com> - 0.4.0-2.fc8
- Fix reading large config files (rhbz #426425)

* Wed Jan  2 2008 Daniel P. Berrange <berrange@redhat.com> - 0.4.0-2.fc9
- Fix reading large config files (rhbz #426425)

The proper fix can wait till the next official upstream release.
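
The truncation described in comment 1, next to a larger fixed buffer and a whole-file read, as an added example (not libvirt's code and not part of the original bug report). The function names, the sample file name and the 64 KiB ceiling are assumptions, and the sample config is constructed.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
#define KEY "auth_unix_rw = \"none\""   /* readers: 1 seen, 0 not seen, -1 error */

/* Constructed sample: `pad` bytes of 64-byte comment lines, setting last. */
static int make_sample(const char *path, size_t pad) {
    FILE *f = fopen(path, "w");
    if (!f) return -1;
    for (size_t n = 0; n < pad; n += 64) fprintf(f, "# %061d\n", 0);
    fprintf(f, "%s\n", KEY);
    return fclose(f);
}

/* Comment 1's pattern: a single read() into a cap-byte buffer; the tail is lost. */
static int fixed_sees(const char *path, size_t cap) {
    char *content = malloc(cap + 1);
    int fd = open(path, O_RDONLY), found = -1;
    ssize_t len = (fd >= 0 && content) ? read(fd, content, cap) : -1;
    if (len >= 0) { content[len] = '\0'; found = strstr(content, KEY) != NULL; }
    if (fd >= 0) close(fd);
    free(content);
    return found;
}

/* Whole-file read: loops to EOF; a file above `max` is an error, not a short parse. */
static int whole_sees(const char *path, size_t max) {
    struct stat st;
    int fd = open(path, O_RDONLY), found = -1;
    if (fd >= 0 && fstat(fd, &st) == 0 && (size_t)st.st_size <= max) {
        size_t size = (size_t)st.st_size, got = 0;
        char *buf = malloc(size + 1);
        ssize_t n = 0;
        while (buf && got < size && (n = read(fd, buf + got, size - got)) > 0)
            got += (size_t)n;
        if (buf && n >= 0) { buf[got] = '\0'; found = strstr(buf, KEY) != NULL; }
        free(buf);
    }
    if (fd >= 0) close(fd);
    return found;
}

int main(void) {
    const char *p = "sample_libvirtd.conf";        /* created in the current directory */
    if (make_sample(p, 6592) != 0) return 1;       /* 6614 bytes on disk */
    printf("%d %d %d\n", fixed_sees(p, 4096), fixed_sees(p, 8192), whole_sees(p, 65536));
    return remove(p);
}
```

An 8192-byte buffer reads this 6614-byte sample correctly but drops the setting again once the file grows past 8192 bytes, whereas the whole-file reader either sees every line or reports an error.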
