[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: [Libvir] PATCH: Don't request polkit auth if client is root

From: Jim Meyering <jim meyering net>
To: "Daniel P. Berrange" <berrange redhat com>
Cc: libvir-list redhat com
Subject: Re: [Libvir] PATCH: Don't request polkit auth if client is root
Date: Fri, 04 Apr 2008 09:55:50 +0200

"Daniel P. Berrange" <berrange redhat com> wrote:
> This patch makes two adjustments to the way policy kit authentication is
> done.
>
>  - Currently the server unconditionally ask the client to do policykit
>    authentication. This is unnecessary if the remote client is running
>    as root, which we can check via UNIX socket credentials. Unconditionally
>    asking plays havoc with SSH tunneling, so this patch makes it check the
>    socket credentials &not ask for auth if the client is UID==0
>
>  - The virsh client will unconditionally call polkit-auth to request
>    credentials. This is also unneccessary if the client is running as
>    root, so this patch makes it skip that step as root.
>
> The patch is bigger than it seems because removing an if() conditional
> made a huge chunk be re-indented.

Good idea.  Looks fine.
ACK.

[BTW, thanks for the SO_PEERCRED example -- I didn't know about it,
 and was surprised to find so little documentation on it. ]

Follow-Ups:
- Re: [Libvir] PATCH: Don't request polkit auth if client is root
  - From: Daniel Veillard
- Re: [Libvir] PATCH: Don't request polkit auth if client is root
  - From: Daniel P. Berrange

References:
- [Libvir] PATCH: Don't request polkit auth if client is root
  - From: Daniel P. Berrange

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]