[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] PATCH: Support PolicyKit 1.0



On Thu, 2009-08-06 at 13:39 +0100, Daniel P. Berrange wrote:
> In the seriously annoying way of things, the newest PolicyKit in Fedora 12
> has been completely re-written from scratch with a totally incompatible
> application facing API.  Conceptually it is still pretty similar though,
> with the exception that client applications no longer need to explicitly
> launch an auth dialog - that's done out-of-band by policykit itself.
> 
> This patch adjusts libvirtd to the new API, and removes the libvirt client
> side code that spawned the auth helper. On the libvirtd side avoid their
> APIs and instead spawn an external auth checking program 'pkcheck', which
> returns 0 on success, non-0 for denial.
> 
> In the final annoying bit, the XML format for the policy has remained with
> exactly the same DTD version, except that it has quietly changed the allowed
> values for some attributes in an incompatible manner.  So I have to add a
> new policy file too.
> 
> NB, it may not look like we've changed the client side, but we have, since
> the #ifdef for the external auth agent is no longer set.

Okay, I've only given this a fairly cursory look over, but it seems
fairly straightforward and correct. ACK.

At least the new code is simpler ...

Cheers,
Mark.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]