[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH] Default to qemu:///system if accessible



On Fri, Sep 03, 2010 at 03:28:58PM +0200, Soren Hansen wrote:
> If no uri is passed to one of the virConnectOpen-ish calls, libvirt
> attempts to autoprobe a sensible URI. Part of the current logic checks
> for getuid() > 0, and if that check is succesful, a libvirtd daemon is
> spawned. This patch replaces this check with a call to
> access(LIBVIRTD_PRIV_UNIX_SOCKET, W_OK) so that users with access to the
> qemu:///system UNIX socket connect to that one by default instead of
> spawning a new libvirtd daemon.

NACK, I don't think we should be changing this. If the user
is unprivileged, it should always default to the unprivileged
libvirtd, regardless of whether they are also authorized to
connect to the privileged libvirtd (via socket permissions or
policykit, or kerberos). If the unprivileged user still wants
the privileged libvirtd, they should given an explicit URI.

Regards,
Daniel
-- 
|: Red Hat, Engineering, London    -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://deltacloud.org :|
|: http://autobuild.org        -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]