qemu/dbus: Allow connections from root to the dbus-daemon

In commit dbfb96d18c04 libvirt started connecting to the daemon to set
RDP credentials, but our configuration file did not allow connections
from the root user, so the connection failed and the VM failed to start.

In order to avoid such issue allow root to connect if the daemon is
running privileged.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>

diff --git a/src/qemu/qemu_dbus.c b/src/qemu/qemu_dbus.c
index a9e2fb0fe231516c2e0cc26ffccb4217b588dbb3..625884ad467f95cf6d08626d87ec97dfb85884da 100644 (file)
--- a/src/qemu/qemu_dbus.c
+++ b/src/qemu/qemu_dbus.c
@@ -116,7 +116,7 @@ qemuDBusConnect(virQEMUDriver *driver,
 
 
 static int
-qemuDBusWriteConfig(const char *filename, const char *path)
+qemuDBusWriteConfig(const char *filename, const char *path, bool privileged)
 {
     g_auto(virBuffer) buf = VIR_BUFFER_INITIALIZER;
     g_autofree char *config = NULL;
@@ -138,6 +138,9 @@ qemuDBusWriteConfig(const char *filename, const char *path)
     virBufferAddLit(&buf, "<allow eavesdrop='true'/>\n");
     virBufferAddLit(&buf, "<!-- Allow anyone to own anything -->\n");
     virBufferAddLit(&buf, "<allow own='*'/>\n");
+    if (privileged)
+        virBufferAddLit(&buf, "<allow user='root'/>\n");
+
     virBufferAdjustIndent(&buf, -2);
     virBufferAddLit(&buf, "</policy>\n");
 
@@ -242,7 +245,7 @@ qemuDBusStart(virQEMUDriver *driver,
     configfile = qemuDBusCreateConfPath(cfg, shortName);
     sockpath = qemuDBusCreateSocketPath(cfg, shortName);
 
-    if (qemuDBusWriteConfig(configfile, sockpath) < 0) {
+    if (qemuDBusWriteConfig(configfile, sockpath, driver->privileged) < 0) {
         virReportSystemError(errno, _("Failed to write '%1$s'"), configfile);
         return -1;
     }