vmspawn: spawn polkit during registration phase

Just like in nspawn, there's a chance we need to PK authenticate the
registration, hence let's spawn off the agent for that during that
phase, and terminate it once we don't need it anymore.

diff --git a/src/vmspawn/vmspawn.c b/src/vmspawn/vmspawn.c
index bf16056b15fbf88a9979e0a639eddbed58ec94e9..94453356b6616647509885eeeff0d714946c722c 100644 (file)
--- a/src/vmspawn/vmspawn.c
+++ b/src/vmspawn/vmspawn.c
@@ -52,6 +52,7 @@
 #include "path-lookup.h"
 #include "path-util.h"
 #include "pidref.h"
+#include "polkit-agent.h"
 #include "pretty-print.h"
 #include "process-util.h"
 #include "ptyfwd.h"
@@ -1546,6 +1547,8 @@ static int run_virtual_machine(int kvm_device_fd, int vhost_device_fd) {
         const char *accel, *shm;
         int r;
 
+        polkit_agent_open();
+
         if (arg_privileged)
                 r = sd_bus_default_system(&bus);
         else
@@ -2378,6 +2381,11 @@ static int run_virtual_machine(int kvm_device_fd, int vhost_device_fd) {
                         return r;
         }
 
+        /* All operations that might need Polkit authorizations (i.e. machine registration, netif
+         * acquisition, …) are complete now, get rid of the agent again, so that we retain exclusive control
+         * of the TTY from now on. */
+        polkit_agent_close();
+
         _cleanup_(sd_event_source_unrefp) sd_event_source *notify_event_source = NULL;
         _cleanup_(sd_event_unrefp) sd_event *event = NULL;
         r = sd_event_new(&event);