[Libvir] libvirt daemon UNIX socket auth with PolicyKit
Daniel P. Berrange
berrange at redhat.com
Wed Aug 8 17:58:26 UTC 2007
On Wed, Aug 08, 2007 at 04:02:25PM +0100, Richard W.M. Jones wrote:
> Daniel P. Berrange wrote:
> >On Wed, Aug 08, 2007 at 03:42:30PM +0100, Richard W.M. Jones wrote:
> >>Daniel P. Berrange wrote:
> >> srw-rw---- 1 root virtstaff 0 2007-06-29 15:50
> >>/var/run/libvirt/libvirt-sock
> >
> >That either gives a user full access without requiring any password, or
> >requires that the app run as root. That's just a mild tweaking of the
> >status quo. It doesn't allow us to authenticate a non-root user to allow
> >them access without the app itself being run as root.
>
> I wouldn't call it a "mild tweaking of the status quo". It lets an
> administrator designate staff who are permitted to manage virtualization
> (ie. by adding them to the virtstaff group), and then those staff can
> run management programs as themselves (non-root). If typing in a
> password is important because it proves that at the moment that the
> program was started, then the staff member was sitting in front of the
> computer (but not, like, later on or anything), then perhaps the
> administrators of these super secure systems should ensure their staff
> use screensavers.
>
> Anyhow isn't this something which SELinux was supposed to solve?
Yes - but with the caveat that it only solves it if running in 'strict'
mode. In 'targetted' mode all user accounts are unconfined_t so can do
pretty much anything they like. So we can't usefully leverage SELinux
for this in most common deployements.
Dan.
--
|=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=|
|=- Perl modules: http://search.cpan.org/~danberr/ -=|
|=- Projects: http://freshmeat.net/~danielpb/ -=|
|=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|
More information about the libvir-list
mailing list