From 837d9eb4ed203ec917c09c880f83362e0965172d Mon Sep 17 00:00:00 2001
From: Pádraig Brady <P@draigBrady.com>
Date: Sep 24 2012 13:09:30 +0000
Subject: Support newer polkit config format to allow communication with libvirtd


Note polkit-0.104 in Fedora 17 doesn't support the newer
format config of polkit-0.106 in Fedora 18.
Therefore we ship both formats for the moment.

The new rules are from Federico Simoncelli <fsimonce@redhat.com>
Fixes bug #858311

---

diff --git a/nova-polkit.rules b/nova-polkit.rules
new file mode 100644
index 0000000..5a9df09
--- /dev/null
+++ b/nova-polkit.rules
@@ -0,0 +1,8 @@
+# openstack-nova libvirt management permissions
+
+polkit.addRule(function(action, subject) {
+    if (action.id == "org.libvirt.unix.manage" &&
+        subject.user == "nova") {
+        return polkit.Result.YES;
+    }
+});
diff --git a/openstack-nova.spec b/openstack-nova.spec
index e948c64..c462383 100644
--- a/openstack-nova.spec
+++ b/openstack-nova.spec
@@ -26,6 +26,7 @@ Source20:         openstack-nova-consoleauth.service
 Source25:         openstack-nova-metadata-api.service
 
 Source21:         nova-polkit.pkla
+Source23:         nova-polkit.rules
 Source22:         nova-ifc-template
 Source24:         nova-sudoers
 
@@ -433,8 +434,12 @@ install -p -D -m 644 %{SOURCE22} %{buildroot}%{_datarootdir}/nova/interfaces.tem
 mkdir -p %{buildroot}%{_datarootdir}/nova/rootwrap/
 install -p -D -m 644 etc/nova/rootwrap.d/* %{buildroot}%{_datarootdir}/nova/rootwrap/
 
+# Older format. Remove when we no longer want to support Fedora 17 with master branch packages
 install -d -m 755 %{buildroot}%{_sysconfdir}/polkit-1/localauthority/50-local.d
 install -p -D -m 644 %{SOURCE21} %{buildroot}%{_sysconfdir}/polkit-1/localauthority/50-local.d/50-nova.pkla
+# Newer format since Fedora 18
+install -d -m 755 %{buildroot}%{_sysconfdir}/polkit-1/rules.d
+install -p -D -m 644 %{SOURCE23} %{buildroot}%{_sysconfdir}/polkit-1/rules.d/50-nova.rules
 
 # Remove unneeded in production stuff
 rm -f %{buildroot}%{_bindir}/nova-debug
@@ -640,6 +645,7 @@ fi
 %config(noreplace) %{_sysconfdir}/logrotate.d/openstack-nova
 %config(noreplace) %{_sysconfdir}/sudoers.d/nova
 %config(noreplace) %{_sysconfdir}/polkit-1/localauthority/50-local.d/50-nova.pkla
+%config(noreplace) %{_sysconfdir}/polkit-1/rules.d/50-nova.rules
 
 %dir %attr(0755, nova, root) %{_localstatedir}/log/nova
 %dir %attr(0755, nova, root) %{_localstatedir}/run/nova
@@ -733,6 +739,7 @@ fi
 
 %changelog
 * Mon Sep 24 2012 Pádraig Brady <pbrady@redhat.com> - 2012.2-0.9.rc1
+- Support newer polkit config format to allow communication with libvirtd
 
 * Fri Sep 21 2012 Pádraig Brady <pbrady@redhat.com> - 2012.2-0.8.rc1
 - Update to folsom rc1