From c42eaef55440e2594677ede5279bd8c3eaf128f2 Mon Sep 17 00:00:00 2001
From: Val Packett
Date: Fri, 27 Feb 2026 05:33:02 -0300
Subject: [PATCH] Support EXTERNAL auth to the client bus with given UID

With the virtgpu channel, the proxy is part of muvm-guest, so it does not do the protocol-aware splicing we do here, so it can't do different auth between the sides like sidebus-agent does. But turns out EXTERNAL auth works fine, as long as we correct for the UID difference.
---
 sidebus-broker/src/main.rs | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/sidebus-broker/src/main.rs b/sidebus-broker/src/main.rs
index 875f480..aad976b 100644
--- a/sidebus-broker/src/main.rs
+++ b/sidebus-broker/src/main.rs
@@ -49,6 +49,10 @@ struct BrokerCli {
 #[clap(long)]
 unix_path: Option,
 
+ /// Use ANONYMOUS auth to connect to the guest bus instead of EXTERNAL with the provided --guest-uid
+ #[clap(long)]
+ guest_bus_anonymous_auth: bool,
+
 /// The user ID for the appvm user inside of the guest
 #[clap(long, default_value = "1337")]
 guest_uid: u32,
@@ -277,8 +281,11 @@ async fn main() -> eyre::Result<()> {
 server_tasks.spawn(enclose!((file_chooser_imp, file_transfer_imp, notification_imp, print_imp, settings_imp) async move {
 while let Ok((socket, remote_addr)) = vm_unix_listener.accept().await {
 let f = enclose!((file_chooser_imp, file_transfer_imp, notification_imp, print_imp, settings_imp) async move {
- let client_conn = zbus::connection::Builder::unix_stream(socket)
- .auth_mechanism(zbus::AuthMechanism::Anonymous)
+ let client_conn = if cli.guest_bus_anonymous_auth {
+ zbus::connection::Builder::unix_stream(socket).auth_mechanism(zbus::AuthMechanism::Anonymous)
+ } else {
+ zbus::connection::Builder::unix_stream(socket).user_id(cli.guest_uid)
+ }
 .name("org.freedesktop.portal.Desktop")?
 .name("org.freedesktop.portal.Documents")?
 .build()
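Review bot: The new `guest_bus_anonymous_auth` flag is opt-in, so the default flips: the removed lines in `main` always used ANONYMOUS, and without the flag the broker now uses EXTERNAL. Any existing launcher that relied on the old behaviour (presumably the sidebus-agent path the description mentions) must start passing the flag, and the doc comment should say that. The `guest_uid` comment should also state its new role, for example `/// The user ID for the appvm user inside of the guest; presented as the identity for EXTERNAL auth unless --guest-bus-anonymous-auth is set`. With that role the `1337` default becomes an identity the broker claims silently, so a mismatch with the real guest user would presumably surface only as an auth failure at connect time. `BrokerCli` starts and ends outside this hunk.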
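Review bot: The `else` branch sets only the UID and never names the mechanism, so which mechanism is actually negotiated depends on the zbus default rather than on this code. Pinning it makes the non-anonymous path explicit and keeps it stable across zbus upgrades: `zbus::connection::Builder::unix_stream(socket).auth_mechanism(zbus::AuthMechanism::External).user_id(cli.guest_uid)`. As a smaller style point, both branches repeat `Builder::unix_stream(socket)` and the `.name(...)` chain hangs off the closing `}` of the `if`/`else`; binding the builder first and applying the auth choice to it would read more clearly. The enclosing `async move` block and the rest of the builder chain continue outside the hunk.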