[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Libvir] PATCH: Allow remote driver to handle any connection URI



Daniel P. Berrange wrote:
> We currently have logic in the remote driver so that it handles the local
> QEMU driver URIs, so they get re-directed to the daemon. It also handles
> networking APIs for Xen driver. For normal APIs, Xen has the auto-spawned
> setuid proxy daemon. This was very useful at the time we wrote it, but it
> only supports a handful of operations, and only in read-only mode. One other
> factor is that SUSE, for example, do not ship it because it is setuid. I
> don't know whether this is just a general policy, or just because they've
> not had time to audit it, but that's not very good for their users.
>   

Yep.  Reason is the former.  But this can be overridden (followed by an
audit) if there is a good case.  Apparently my case wasn't strong
enough.  Too be fair though, I didn't push hard.  And now that I've seen
this mail I'm reminded that I wanted to push this for openSUSE 10.3 --
which went GM today :-(.

Jim


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]