[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Libvir] [RFC PATCH] Solaris least privilege



On Thu, Apr 24, 2008 at 09:54:19AM -0400, Daniel Veillard wrote:

>   in general the idea of removing all those geteid() == 0 and replacing
> them like xenHavePrivilege() is a good one. The patch includes stuff which
> is not strictly related like the virsh console cleanup which should be
> separated.

Sure, at merge time everything will be split up appropriately. BTW, it
is related very much: only xenconsole has privilege to connect to Xen
consoles.

> Also it seems you use some socket auth extensions to detect the
> uid of the other process, we do that already in qemud/qemud.c see
> function qemudGetSocketIdentity() , maybe we should abstract that in the
> util.c module and provide the _sun version there.

It's not about UID but privilege. The Identity stuff is only used under
HAVE_POLKIT, so I'm not sure there's much commonality that can be
abstracted. Can you describe further what you would expect it to look
like?

regards
john


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]