vmspawn: spawn polkit during registration phase

Just like in nspawn, there's a chance we need to PK authenticate the registration, hence let's spawn off the agent for that during that phase, and terminate it once we don't need it anymore.
2026-04-15 00:47:10 +09:00 · 2025-06-12 11:48:37 +02:00
parent 6dc6e6459b
commit 3cfa7826d2
1 changed files with 8 additions and 0 deletions
--- a/src/vmspawn/vmspawn.c
+++ b/src/vmspawn/vmspawn.c
@@ -52,6 +52,7 @@
 #include "path-lookup.h"
 #include "path-util.h"
 #include "pidref.h"
+#include "polkit-agent.h"
 #include "pretty-print.h"
 #include "process-util.h"
 #include "ptyfwd.h"
@@ -1546,6 +1547,8 @@ static int run_virtual_machine(int kvm_device_fd, int vhost_device_fd) {
        const char *accel, *shm;
        int r;

+        polkit_agent_open();
+
        if (arg_privileged)
                r = sd_bus_default_system(&bus);
        else
@@ -2378,6 +2381,11 @@ static int run_virtual_machine(int kvm_device_fd, int vhost_device_fd) {
                        return r;
        }

+        /* All operations that might need Polkit authorizations (i.e. machine registration, netif
+         * acquisition, …) are complete now, get rid of the agent again, so that we retain exclusive control
+         * of the TTY from now on. */
+        polkit_agent_close();
+
        _cleanup_(sd_event_source_unrefp) sd_event_source *notify_event_source = NULL;
        _cleanup_(sd_event_unrefp) sd_event *event = NULL;
        r = sd_event_new(&event);