git.ipfire.org Git - thirdparty/libvirt.git/commit

author	John Ferlan <jferlan@redhat.com>
	Sun, 14 Oct 2018 14:09:32 +0000 (10:09 -0400)
committer	John Ferlan <jferlan@redhat.com>
	Mon, 5 Nov 2018 12:13:03 +0000 (07:13 -0500)
commit	ccc72d5cbdd85f66cb737134b3be40aac1df03ef
tree	b7965cf857c3818ede0c38cd4e8dc0b4758e4b04	tree
parent	67125e0d336ffca1c8dfeb058e3f7217d56c1642	commit \| diff

access: Modify the VIR_ERR_ACCESS_DENIED to include driverName

https://bugzilla.redhat.com/show_bug.cgi?id=1631606

Changes made to manage and utilize a secondary connection
driver to APIs outside the scope of the primary connection
driver have resulted in some confusion processing polkit rules
since the simple "access denied" error message doesn't provide
enough of a clue when combined with the "authentication failed:
access denied by policy" as to which connection driver refused
or failed the ACL check.

In order to provide some context, let's modify the existing
"access denied" error returne from the various vir*EnsureACL
API's to provide the connection driver name that is causing
the failure. This should provide the context for writing the
polkit rules that would allow access via the driver.

Signed-off-by: John Ferlan <jferlan@redhat.com>
ACKed-by: Michal Privoznik <mprivozn@redhat.com>

src/access/viraccessmanager.c		diff \| blob \| blame \| history
src/rpc/gendispatch.pl		diff \| blob \| blame \| history
src/util/virerror.c		diff \| blob \| blame \| history