Fix polkit permission names for storage pools, vols & node devices

The polkit access driver used the wrong permission names for checks on storage pools, volumes and node devices. This led to them always being denied access. The 'dettach' permission was also mis-spelt and should have been 'detach'. While permission names are ABI sensitive, the fact that the code used the wrong object name for checking node device permissions, means that no one could have used the mis-spelt 'dettach' permission. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2025-03-20 07:59:00 +00:00 · 2013-09-11 14:23:24 +01:00 · 2013-09-11 14:23:24 +01:00 · 621849383a
commit 621849383a
parent f084caae7c
4 changed files with 9 additions and 9 deletions
--- a/src/access/viraccessdriverpolkit.c
+++ b/src/access/viraccessdriverpolkit.c
@ -248,7 +248,7 @@ virAccessDriverPolkitCheckNodeDevice(virAccessManagerPtr manager,
    };

    return virAccessDriverPolkitCheck(manager,
-                                      "nodedevice",
+                                      "node-device",
                                      virAccessPermNodeDeviceTypeToString(perm),
                                      attrs);
 }
@ -355,7 +355,7 @@ virAccessDriverPolkitCheckStoragePool(virAccessManagerPtr manager,
    virUUIDFormat(pool->uuid, uuidstr);

    return virAccessDriverPolkitCheck(manager,
-                                      "pool",
+                                      "storage-pool",
                                      virAccessPermStoragePoolTypeToString(perm),
                                      attrs);
 }
@ -379,7 +379,7 @@ virAccessDriverPolkitCheckStorageVol(virAccessManagerPtr manager,
    virUUIDFormat(pool->uuid, uuidstr);

    return virAccessDriverPolkitCheck(manager,
-                                      "vol",
+                                      "storage-vol",
                                      virAccessPermStorageVolTypeToString(perm),
                                      attrs);
 }
--- a/src/access/viraccessperm.c
+++ b/src/access/viraccessperm.c
@ -58,7 +58,7 @@ VIR_ENUM_IMPL(virAccessPermNodeDevice,
              VIR_ACCESS_PERM_NODE_DEVICE_LAST,
              "getattr", "read", "write",
              "start", "stop",
-              "dettach");
+              "detach");

 VIR_ENUM_IMPL(virAccessPermNWFilter,
              VIR_ACCESS_PERM_NWFILTER_LAST,
--- a/src/access/viraccessperm.h
+++ b/src/access/viraccessperm.h
@ -427,7 +427,7 @@ typedef enum {
     * @desc: Detach node device
     * @message: Detaching node device driver requires authorization
     */
-    VIR_ACCESS_PERM_NODE_DEVICE_DETTACH,
+    VIR_ACCESS_PERM_NODE_DEVICE_DETACH,

    VIR_ACCESS_PERM_NODE_DEVICE_LAST
 } virAccessPermNodeDevice;
--- a/src/remote/remote_protocol.x
+++ b/src/remote/remote_protocol.x
@ -3696,19 +3696,19 @@ enum remote_procedure {

    /**
     * @generate: server
-     * @acl: node_device:dettach
+     * @acl: node_device:detach
     */
    REMOTE_PROC_NODE_DEVICE_DETTACH = 118,

    /**
     * @generate: server
-     * @acl: node_device:dettach
+     * @acl: node_device:detach
     */
    REMOTE_PROC_NODE_DEVICE_RE_ATTACH = 119,

    /**
     * @generate: server
-     * @acl: node_device:dettach
+     * @acl: node_device:detach
     */
    REMOTE_PROC_NODE_DEVICE_RESET = 120,

@ -4929,7 +4929,7 @@ enum remote_procedure {

    /**
     * @generate: server
-     * @acl: node_device:dettach
+     * @acl: node_device:detach
     */
    REMOTE_PROC_NODE_DEVICE_DETACH_FLAGS = 301,