author | Hans de Goede <hdegoede@redhat.com> | 2011-11-09 20:33:47 +0100 |
---|---|---|
committer | Hans de Goede <hdegoede@redhat.com> | 2011-11-16 18:31:30 +0100 |
commit | 2161b5464fa8ad995ce6116f78aacb4c2389af55 (patch) | |
tree | d2e1930cdaf60449193e5651d928276047c1b244 /configure.ac | |
parent | 012f2de1215b2f654571e2ca924f106c24315ba4 (diff) |
Add a suid root helper to open usb device nodes
spice-client needs to be able to open the device nodes under /dev/bus/usb
to be able to redirect a usb device to the guest. Normally opening these
nodes is only allowed by root. This patch adds a suid root helper which
asks policykit if it is ok to grant raw usb device access, and if policykit
says it is ok, opens up the acl so that the spice-client can open the device
node.
As soon as spice-client closes the stdin of the helper, the helper removes
the extra rights. This ensures that the acl gets put back to normal even if
the spice client crashes. Normally the spice-client closes stdin directly
after opening the device node.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Diffstat (limited to 'configure.ac')
-rw-r--r-- | configure.ac | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/configure.ac b/configure.ac
index 09d97bc..4a94d7b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -315,15 +315,34 @@ AC_ARG_ENABLE([usbredir],
 [Enable usbredir support @<:@default=yes@:>@]),
 [],
 [enable_usbredir="yes"])
+AC_ARG_ENABLE([polkit],
+ AS_HELP_STRING([--enable-polkit=@<:@yes/no@:>@],
+ [Enable policykit support (for the usb acl helper)@<:@default=yes@:>@]),
+ [],
+ [enable_polkit="yes"])
 if test "x$enable_usbredir" = "xno"; then
 AM_CONDITIONAL(WITH_USBREDIR, false)
+ AM_CONDITIONAL(WITH_POLKIT, false)
 else
 PKG_CHECK_MODULES(GUDEV, gudev-1.0)
 PKG_CHECK_MODULES(LIBUSB, libusb-1.0 >= 1.0.9)
 PKG_CHECK_MODULES(LIBUSBREDIRHOST, libusbredirhost >= 0.3.1)
 AC_DEFINE(USE_USBREDIR, [1], [Define if supporting usbredir proxying])
 AM_CONDITIONAL(WITH_USBREDIR, true)
+ if test "x$enable_polkit" = "xno"; then
+ AM_CONDITIONAL(WITH_POLKIT, false)
+ else
+ PKG_CHECK_MODULES(POLKIT, polkit-gobject-1)
+ AC_CHECK_HEADER([acl/libacl.h],,
+ AC_MSG_ERROR([cannot find headers for libacl]))
+ AC_CHECK_LIB([acl], [acl_get_file], [ACL_LIBS=-lacl] [AC_SUBST(ACL_LIBS)],
+ AC_MSG_ERROR([cannot find libacl]))
+ AC_DEFINE(USE_POLKIT, [1], [Define if supporting polkit])
+ AM_CONDITIONAL(WITH_POLKIT, true)
+ POLICYDIR=`${PKG_CONFIG} polkit-gobject-1 --variable=policydir`
+ AC_SUBST(POLICYDIR)
+ fi
 fi
 AC_ARG_WITH([coroutine], |
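Review bot: `POLICYDIR` is taken from `${PKG_CONFIG} polkit-gobject-1 --variable=policydir` and substituted without checking that the query returned anything, so a polkit .pc file that lacks the variable leaves it empty and configure still succeeds. Since this switch gates a setuid-root helper whose authorization presumably depends on its policy being installed where polkit reads it, I would fail at configure time instead, with `AS_IF([test "x$POLICYDIR" = "x"], [AC_MSG_ERROR([polkit-gobject-1 reports no policydir])])` placed before `AC_SUBST(POLICYDIR)`. How POLICYDIR is consumed is decided in the Makefile, which this diff (limited to configure.ac) does not show. A smaller style point on the `AC_CHECK_LIB` line: the action-if-found is two adjacent quoted groups, `[ACL_LIBS=-lacl] [AC_SUBST(ACL_LIBS)]`; keeping only `[ACL_LIBS=-lacl]` there and putting `AC_SUBST(ACL_LIBS)` on its own line after the check reads more clearly and does not rely on what the macro expands to next to the shell assignment.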