[openstack-nova] Support newer polkit config format to allow communication with libvirtd

Pádraig Brady pbrady at fedoraproject.org
Mon Sep 24 13:32:58 UTC 2012 

commit 837d9eb4ed203ec917c09c880f83362e0965172d
Author: Pádraig Brady <P at draigBrady.com>
Date:   Mon Sep 24 14:09:30 2012 +0100

    Support newer polkit config format to allow communication with libvirtd
    
    Note polkit-0.104 in Fedora 17 doesn't support the newer
    format config of polkit-0.106 in Fedora 18.
    Therefore we ship both formats for the moment.
    
    The new rules are from Federico Simoncelli <fsimonce at redhat.com>
    Fixes bug #858311

 nova-polkit.rules   |    8 ++++++++
 openstack-nova.spec |    7 +++++++
 2 files changed, 15 insertions(+), 0 deletions(-)
---
diff --git a/nova-polkit.rules b/nova-polkit.rules
new file mode 100644
index 0000000..5a9df09
--- /dev/null
+++ b/nova-polkit.rules
@@ -0,0 +1,8 @@
+# openstack-nova libvirt management permissions
+
+polkit.addRule(function(action, subject) {
+    if (action.id == "org.libvirt.unix.manage" &&
+        subject.user == "nova") {
+        return polkit.Result.YES;
+    }
+});
diff --git a/openstack-nova.spec b/openstack-nova.spec
index e948c64..c462383 100644
--- a/openstack-nova.spec
+++ b/openstack-nova.spec
@@ -26,6 +26,7 @@ Source20:         openstack-nova-consoleauth.service
 Source25:         openstack-nova-metadata-api.service
 
 Source21:         nova-polkit.pkla
+Source23:         nova-polkit.rules
 Source22:         nova-ifc-template
 Source24:         nova-sudoers
 
@@ -433,8 +434,12 @@ install -p -D -m 644 %{SOURCE22} %{buildroot}%{_datarootdir}/nova/interfaces.tem
 mkdir -p %{buildroot}%{_datarootdir}/nova/rootwrap/
 install -p -D -m 644 etc/nova/rootwrap.d/* %{buildroot}%{_datarootdir}/nova/rootwrap/
 
+# Older format. Remove when we no longer want to support Fedora 17 with master branch packages
 install -d -m 755 %{buildroot}%{_sysconfdir}/polkit-1/localauthority/50-local.d
 install -p -D -m 644 %{SOURCE21} %{buildroot}%{_sysconfdir}/polkit-1/localauthority/50-local.d/50-nova.pkla
+# Newer format since Fedora 18
+install -d -m 755 %{buildroot}%{_sysconfdir}/polkit-1/rules.d
+install -p -D -m 644 %{SOURCE23} %{buildroot}%{_sysconfdir}/polkit-1/rules.d/50-nova.rules
 
 # Remove unneeded in production stuff
 rm -f %{buildroot}%{_bindir}/nova-debug
@@ -640,6 +645,7 @@ fi
 %config(noreplace) %{_sysconfdir}/logrotate.d/openstack-nova
 %config(noreplace) %{_sysconfdir}/sudoers.d/nova
 %config(noreplace) %{_sysconfdir}/polkit-1/localauthority/50-local.d/50-nova.pkla
+%config(noreplace) %{_sysconfdir}/polkit-1/rules.d/50-nova.rules
 
 %dir %attr(0755, nova, root) %{_localstatedir}/log/nova
 %dir %attr(0755, nova, root) %{_localstatedir}/run/nova
@@ -733,6 +739,7 @@ fi
 
 %changelog
 * Mon Sep 24 2012 Pádraig Brady <pbrady at redhat.com> - 2012.2-0.9.rc1
+- Support newer polkit config format to allow communication with libvirtd
 
 * Fri Sep 21 2012 Pádraig Brady <pbrady at redhat.com> - 2012.2-0.8.rc1
 - Update to folsom rc1

More information about the scm-commits mailing list