[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH] Default to qemu:///system if accessible



On 09/03/2010 02:38 PM, Soren Hansen wrote:
NACK, I don't think we should be changing this. If the user
is unprivileged, it should always default to the unprivileged
libvirtd, regardless of whether they are also authorized to
connect to the privileged libvirtd (via socket permissions or
policykit, or kerberos). If the unprivileged user still wants
the privileged libvirtd, they should given an explicit URI.

Hm... I didn't think this was going to be controversial :)

Maybe a less-controversial patch would be changing configure.ac to add a configure option for the default URI string for non-privileged users? Right now, the default is hard-coded to qemu:///session, but by letting it be a configure choice, then it would be up to the end user (or distro) whether to risk the default of qemu:///system as well as exposing the socket as writable.

--
Eric Blake   eblake redhat com    +1-801-349-2682
Libvirt virtualization library http://libvirt.org


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]