From a534e0bf1a1ec0abc1d1f673af1b70fbf8239350 Mon Sep 17 00:00:00 2001
From: Sunil Thaha <sthaha@redhat.com>
Date: Mon, 21 Jan 2013 17:00:50 +1000
Subject: [PATCH] Fixes nova-compute failing to start on Fedora 18

Fixes bug #1086784
Adds a rule to the policy-kit allowing the stack user to manage libvirt

Change-Id: I6e9c0106c932f5f5f5c5c18ff79ac81a050c4599
---
 lib/nova | 23 +++++++++++++++++++----
 1 file changed, 19 insertions(+), 4 deletions(-)

diff --git a/lib/nova b/lib/nova
index f0456d61c1..289336690d 100644
--- a/lib/nova
+++ b/lib/nova
@@ -247,11 +247,25 @@ EOF
             LIBVIRT_DAEMON=libvirtd
         fi
 
-        # For distributions using polkit to authorize access to libvirt,
-        # configure polkit accordingly.
-        # Based on http://wiki.libvirt.org/page/SSHPolicyKitSetup
+
+
         if is_fedora; then
-            sudo bash -c 'cat <<EOF >/etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla
+            # Starting with fedora 18 enable stack-user to virsh -c qemu:///system
+            # by creating a policy-kit rule for stack-user
+            if [[ "$os_RELEASE" -ge "18" ]]; then
+                rules_dir=/etc/polkit-1/rules.d
+                sudo mkdir -p $rules_dir
+                sudo bash -c "cat <<EOF > $rules_dir/50-libvirt-$STACK_USER.rules
+polkit.addRule(function(action, subject) {
+     if (action.id == 'org.libvirt.unix.manage' &&
+         subject.user == '"$STACK_USER"') {
+         return polkit.Result.YES;
+     }
+});
+EOF"
+                unset rules_dir
+            else
+                sudo bash -c 'cat <<EOF >/etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla
 [libvirt Management Access]
 Identity=unix-group:libvirtd
 Action=org.libvirt.unix.manage
@@ -259,6 +273,7 @@ ResultAny=yes
 ResultInactive=yes
 ResultActive=yes
 EOF'
+            fi
         elif is_suse; then
             # Work around the fact that polkit-default-privs overrules pklas
             # with 'unix-group:$group'.