95 lines
3.1 KiB
Diff
95 lines
3.1 KiB
Diff
From 4df55f75bf523e3c1964198299713bdfa85fbad2 Mon Sep 17 00:00:00 2001
|
|
Message-Id: <4df55f75bf523e3c1964198299713bdfa85fbad2@dist-git>
|
|
From: John Ferlan <jferlan@redhat.com>
|
|
Date: Wed, 14 Nov 2018 14:41:31 -0500
|
|
Subject: [PATCH] qemu: Set identity for the reconnect all thread
|
|
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=1648546 (RHEL8)
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=1631622 (RHEL7)
|
|
|
|
If polkit authentication is enabled, an attempt to open
|
|
the connection failed during virAccessDriverPolkitGetCaller
|
|
when the call to virIdentityGetCurrent returned NULL resulting
|
|
in the errors:
|
|
|
|
virAccessDriverPolkitGetCaller:87 : access denied:
|
|
Policy kit denied action org.libvirt.api.connect.getattr from <anonymous>
|
|
|
|
Because qemuProcessReconnect runs in a thread during
|
|
daemonRunStateInit processing it doesn't have the thread
|
|
local identity. Thus when the virGetConnectNWFilter is
|
|
called as part of the qemuProcessFiltersInstantiate when
|
|
virDomainConfNWFilterInstantiate is run the attempt to get
|
|
the idenity fails and results in the anonymous error above.
|
|
|
|
To fix this, let's grab/use the virIdenityPtr of the process
|
|
that will be creating the thread, e.g. what daemonRunStateInit
|
|
has set and use that for our thread. That way any other similar
|
|
processing that uses/requires an identity for any other call
|
|
that would have previously been successfully run won't fail in
|
|
a similar manner.
|
|
|
|
Signed-off-by: John Ferlan <jferlan@redhat.com>
|
|
(cherry picked from commit b04b82f8cb671f067bad2d5e922acf88f13f0934)
|
|
Reviewed-by: Erik Skultety <eskultet@redhat.com>
|
|
---
|
|
src/qemu/qemu_process.c | 7 +++++++
|
|
1 file changed, 7 insertions(+)
|
|
|
|
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
|
|
index 8ba14abfa4..4b99fbd835 100644
|
|
--- a/src/qemu/qemu_process.c
|
|
+++ b/src/qemu/qemu_process.c
|
|
@@ -81,6 +81,7 @@
|
|
#include "netdev_bandwidth_conf.h"
|
|
#include "virresctrl.h"
|
|
#include "virvsock.h"
|
|
+#include "viridentity.h"
|
|
|
|
#define VIR_FROM_THIS VIR_FROM_QEMU
|
|
|
|
@@ -7609,6 +7610,7 @@ qemuProcessRefreshCPU(virQEMUDriverPtr driver,
|
|
struct qemuProcessReconnectData {
|
|
virQEMUDriverPtr driver;
|
|
virDomainObjPtr obj;
|
|
+ virIdentityPtr identity;
|
|
};
|
|
/*
|
|
* Open an existing VM's monitor, re-detect VCPU threads
|
|
@@ -7645,6 +7647,8 @@ qemuProcessReconnect(void *opaque)
|
|
virCapsPtr caps = NULL;
|
|
bool retry = true;
|
|
|
|
+ virIdentitySetCurrent(data->identity);
|
|
+ virObjectUnref(data->identity);
|
|
VIR_FREE(data);
|
|
|
|
qemuDomainObjRestoreJob(obj, &oldjob);
|
|
@@ -7865,6 +7869,7 @@ qemuProcessReconnect(void *opaque)
|
|
virObjectUnref(cfg);
|
|
virObjectUnref(caps);
|
|
virNWFilterUnlockFilterUpdates();
|
|
+ virIdentitySetCurrent(NULL);
|
|
return;
|
|
|
|
error:
|
|
@@ -7902,6 +7907,7 @@ qemuProcessReconnectHelper(virDomainObjPtr obj,
|
|
|
|
memcpy(data, src, sizeof(*data));
|
|
data->obj = obj;
|
|
+ data->identity = virIdentityGetCurrent();
|
|
|
|
virNWFilterReadLockFilterUpdates();
|
|
|
|
@@ -7925,6 +7931,7 @@ qemuProcessReconnectHelper(virDomainObjPtr obj,
|
|
|
|
virDomainObjEndAPI(&obj);
|
|
virNWFilterUnlockFilterUpdates();
|
|
+ virObjectUnref(data->identity);
|
|
VIR_FREE(data);
|
|
return -1;
|
|
}
|
|
--
|
|
2.19.2
|
|
|