From 4df55f75bf523e3c1964198299713bdfa85fbad2 Mon Sep 17 00:00:00 2001

Message-Id: <4df55f75bf523e3c1964198299713bdfa85fbad2@dist-git>

From: John Ferlan <jferlan@redhat.com>

Date: Wed, 14 Nov 2018 14:41:31 -0500

Subject: [PATCH] qemu: Set identity for the reconnect all thread

https://bugzilla.redhat.com/show_bug.cgi?id=1648546 (RHEL8)

https://bugzilla.redhat.com/show_bug.cgi?id=1631622 (RHEL7)

If polkit authentication is enabled, an attempt to open

the connection failed during virAccessDriverPolkitGetCaller

when the call to virIdentityGetCurrent returned NULL resulting

in the errors:

  virAccessDriverPolkitGetCaller:87 : access denied:

  Policy kit denied action org.libvirt.api.connect.getattr from <anonymous>

Because qemuProcessReconnect runs in a thread during

daemonRunStateInit processing it doesn't have the thread

local identity. Thus when the virGetConnectNWFilter is

called as part of the qemuProcessFiltersInstantiate when

virDomainConfNWFilterInstantiate is run the attempt to get

the idenity fails and results in the anonymous error above.

To fix this, let's grab/use the virIdenityPtr of the process

that will be creating the thread, e.g. what daemonRunStateInit

has set and use that for our thread. That way any other similar

processing that uses/requires an identity for any other call

that would have previously been successfully run won't fail in

a similar manner.

Signed-off-by: John Ferlan <jferlan@redhat.com>

(cherry picked from commit b04b82f8cb671f067bad2d5e922acf88f13f0934)

Reviewed-by: Erik Skultety <eskultet@redhat.com>

---

 src/qemu/qemu_process.c | 7 +++++++

 1 file changed, 7 insertions(+)

diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c

index 8ba14abfa4..4b99fbd835 100644

--- a/src/qemu/qemu_process.c

+++ b/src/qemu/qemu_process.c

@@ -81,6 +81,7 @@

 #include "netdev_bandwidth_conf.h"

 #include "virresctrl.h"

 #include "virvsock.h"

+#include "viridentity.h"

 #define VIR_FROM_THIS VIR_FROM_QEMU

@@ -7609,6 +7610,7 @@ qemuProcessRefreshCPU(virQEMUDriverPtr driver,

 struct qemuProcessReconnectData {

     virQEMUDriverPtr driver;

     virDomainObjPtr obj;

+    virIdentityPtr identity;

 };

 /*

  * Open an existing VM's monitor, re-detect VCPU threads

@@ -7645,6 +7647,8 @@ qemuProcessReconnect(void *opaque)

     virCapsPtr caps = NULL;

     bool retry = true;

+    virIdentitySetCurrent(data->identity);

+    virObjectUnref(data->identity);

     VIR_FREE(data);

     qemuDomainObjRestoreJob(obj, &oldjob);

@@ -7865,6 +7869,7 @@ qemuProcessReconnect(void *opaque)

     virObjectUnref(cfg);

     virObjectUnref(caps);

     virNWFilterUnlockFilterUpdates();

+    virIdentitySetCurrent(NULL);

     return;

  error:

@@ -7902,6 +7907,7 @@ qemuProcessReconnectHelper(virDomainObjPtr obj,

     memcpy(data, src, sizeof(*data));

     data->obj = obj;

+    data->identity = virIdentityGetCurrent();

     virNWFilterReadLockFilterUpdates();

@@ -7925,6 +7931,7 @@ qemuProcessReconnectHelper(virDomainObjPtr obj,

         virDomainObjEndAPI(&obj);

         virNWFilterUnlockFilterUpdates();

+        virObjectUnref(data->identity);

         VIR_FREE(data);

         return -1;

     }

-- 

2.19.2