[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH] Default to qemu:///system if accessible



On 03-09-2010 15:59, Daniel Veillard wrote:
>> diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
>> index a945710..17e6ead 100644
>> --- a/src/remote/remote_driver.c
>> +++ b/src/remote/remote_driver.c
>> @@ -1086,7 +1086,7 @@ remoteOpen (virConnectPtr conn,
>>      if (!conn->uri) {
>>          DEBUG0("Auto-probe remote URI");
>>  #ifndef __sun
>> -        if (getuid() > 0) {
>> +        if (access(LIBVIRTD_PRIV_UNIX_SOCKET, W_OK)) {
>>              DEBUG0("Auto-spawn user daemon instance");
>>              rflags |= VIR_DRV_OPEN_REMOTE_USER;
>>              if (!autostart ||
> 
> Hum, that sounds like a change of semantic.

Depends. I think of the (getuid() > 0) as a check for whether you can
access the privileged UNIX socket that simply doesn't take into account
that users other than root may have been given this privilege by way of
membership of the group owning the socket.

> Before as non root you would span a local daemon, now you use the system
> one. I'm not saying it's a bad thing in most cases but it's a serious
> change, and we try to avoid those in general.

As I suggested in another e-mail a short while ago in this thread, I'm
making this change to maintain the status quo in Ubuntu. We already do
this in virsh and virt-viewer and something very, very similar in
virt-manager. Someone recently dropped the virt-viewer patch by mistake,
and I decided to make the change directly in libvirt to not change how
libvirt has behaved for us in the past couple of years, so I can
certainly relate to your desire to not change the behaviour.

Personally, at least, I find this behaviour much more pleasant. On all
my servers, I just grant whoever needs to be able to deal with the VM's
on it access to the socket (by adding them to the libvirtd group), and
that's it. I don't need to instruct them to set per-application
environment variables or whatever.

Generally, I use libvirt on two classes of machine: Workstations/laptops
(where I'm functionally the only user), or on servers whose job is to
run virtual machines and nothing else.

In the former case, obviously I want to use the systemwide libvirtd to
get access to all the fancy networking things. I have absolutely no
motivation to use qemu:///session on there anymore.

In the latter case, only people who are supposed to manage the virtual
machines will have access to the server, and IMO they have no business
running stuff under qemu:///session on that box.

The only situation where I actually need qemu:///session is if I for
some reason want to run a VM on a machine that isn't mine (neither in
terms of ownership, nor responsibility). So far, that's never happened.
It's cool that it's possible(!), but I've never needed it.

-- 
Soren Hansen
Ubuntu Developer
http://www.ubuntu.com/


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]