render / rpms / libvirt

Forked from rpms/libvirt 10 months ago
Clone
0a7476
From 773d0240b0d5678f0183eed75dbef7e60d54e3f8 Mon Sep 17 00:00:00 2001
0a7476
Message-Id: <773d0240b0d5678f0183eed75dbef7e60d54e3f8@dist-git>
0a7476
From: John Ferlan <jferlan@redhat.com>
0a7476
Date: Wed, 3 Apr 2019 07:28:30 -0400
0a7476
Subject: [PATCH] qemu: Set identity for the reconnect all thread
0a7476
0a7476
https://bugzilla.redhat.com/show_bug.cgi?id=1631622
0a7476
0a7476
If polkit authentication is enabled, an attempt to open
0a7476
the connection failed during virAccessDriverPolkitGetCaller
0a7476
when the call to virIdentityGetCurrent returned NULL resulting
0a7476
in the errors:
0a7476
0a7476
  virAccessDriverPolkitGetCaller:87 : access denied:
0a7476
  Policy kit denied action org.libvirt.api.connect.getattr from <anonymous>
0a7476
0a7476
Because qemuProcessReconnect runs in a thread during
0a7476
daemonRunStateInit processing it doesn't have the thread
0a7476
local identity. Thus when the virGetConnectNWFilter is
0a7476
called as part of the qemuProcessFiltersInstantiate when
0a7476
virDomainConfNWFilterInstantiate is run the attempt to get
0a7476
the idenity fails and results in the anonymous error above.
0a7476
0a7476
To fix this, let's grab/use the virIdenityPtr of the process
0a7476
that will be creating the thread, e.g. what daemonRunStateInit
0a7476
has set and use that for our thread. That way any other similar
0a7476
processing that uses/requires an identity for any other call
0a7476
that would have previously been successfully run won't fail in
0a7476
a similar manner.
0a7476
0a7476
Signed-off-by: John Ferlan <jferlan@redhat.com>
0a7476
(cherry picked from commit b04b82f8cb671f067bad2d5e922acf88f13f0934)
0a7476
Message-Id: <20190403112830.13099-1-jferlan@redhat.com>
0a7476
Reviewed-by: Erik Skultety <eskultet@redhat.com>
0a7476
---
0a7476
 src/qemu/qemu_process.c | 7 +++++++
0a7476
 1 file changed, 7 insertions(+)
0a7476
0a7476
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
0a7476
index 485e455a44..6945d76b18 100644
0a7476
--- a/src/qemu/qemu_process.c
0a7476
+++ b/src/qemu/qemu_process.c
0a7476
@@ -81,6 +81,7 @@
0a7476
 #include "netdev_bandwidth_conf.h"
0a7476
 #include "virresctrl.h"
0a7476
 #include "virvsock.h"
0a7476
+#include "viridentity.h"
0a7476
 
0a7476
 #define VIR_FROM_THIS VIR_FROM_QEMU
0a7476
 
0a7476
@@ -7621,6 +7622,7 @@ qemuProcessRefreshCPU(virQEMUDriverPtr driver,
0a7476
 struct qemuProcessReconnectData {
0a7476
     virQEMUDriverPtr driver;
0a7476
     virDomainObjPtr obj;
0a7476
+    virIdentityPtr identity;
0a7476
 };
0a7476
 /*
0a7476
  * Open an existing VM's monitor, re-detect VCPU threads
0a7476
@@ -7657,6 +7659,8 @@ qemuProcessReconnect(void *opaque)
0a7476
     virCapsPtr caps = NULL;
0a7476
     bool retry = true;
0a7476
 
0a7476
+    virIdentitySetCurrent(data->identity);
0a7476
+    virObjectUnref(data->identity);
0a7476
     VIR_FREE(data);
0a7476
 
0a7476
     qemuDomainObjRestoreJob(obj, &oldjob);
0a7476
@@ -7878,6 +7882,7 @@ qemuProcessReconnect(void *opaque)
0a7476
     virObjectUnref(cfg);
0a7476
     virObjectUnref(caps);
0a7476
     virNWFilterUnlockFilterUpdates();
0a7476
+    virIdentitySetCurrent(NULL);
0a7476
     return;
0a7476
 
0a7476
  error:
0a7476
@@ -7915,6 +7920,7 @@ qemuProcessReconnectHelper(virDomainObjPtr obj,
0a7476
 
0a7476
     memcpy(data, src, sizeof(*data));
0a7476
     data->obj = obj;
0a7476
+    data->identity = virIdentityGetCurrent();
0a7476
 
0a7476
     virNWFilterReadLockFilterUpdates();
0a7476
 
0a7476
@@ -7938,6 +7944,7 @@ qemuProcessReconnectHelper(virDomainObjPtr obj,
0a7476
 
0a7476
         virDomainObjEndAPI(&obj);
0a7476
         virNWFilterUnlockFilterUpdates();
0a7476
+        virObjectUnref(data->identity);
0a7476
         VIR_FREE(data);
0a7476
         return -1;
0a7476
     }
0a7476
-- 
0a7476
2.21.0
0a7476