[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Libvir] libvirt daemon UNIX socket auth with PolicyKit



On Wed, Aug 08, 2007 at 02:48:02PM +0100, Daniel P. Berrange wrote:
> > >   - libvirtd use SO_PEERCRED to get the PID of the client
> > 
> > Solaris doesn't have this, but the more powerful getpeerucred():
> > 
> > http://docs.sun.com/app/docs/doc/819-2243/6n4i09924?a=view
> > http://docs.sun.com/app/docs/doc/819-2243/6n4i099nf?a=view
> 
> There's at least 5 different impls of this general context across the
> various UNIX OS :-( I've just suggested to David Z that PolicyKit provide
> a 'polkit_caller_new_from_socket'  API, so all the OS specific code for
> getting a UID from a socket can be isolated in polkicykit libraries rather
> than making each individual app re-implement the portability.

  I think the ability to get the UID of the caller would be useful even
if polkicykit is not available though, that would allow to get rid of 
fs mapped sockets and the reliance on fs attributes.

Daniel

-- 
Red Hat Virtualization group http://redhat.com/virtualization/
Daniel Veillard      | virtualization library  http://libvirt.org/
veillard redhat com  | libxml GNOME XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine  http://rpmfind.net/


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]