[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] API to upgrade read-only connection



On Thu, Jan 10, 2013 at 03:12:18AM +0200, Zeeshan Ali (Khattak) wrote:
> Hi,
>   Once again, I'll be lazy and just copy&paste an IRC conversation but
> please don't hesitate to ask if something needs clarification:
> 
> <zeenix> am i missing something or there is no way to 'upgrade' a
> read-only connection to a normal one?
> <eblake_out> zeenix: looks like you have to create a new connection if
> you want new privileges
> <eblake_out> although you may want to float it by the list to see if a
> new API for upgrading an existing connection makes sense
> <eblake_out> especially in light of danpb's work-in-progress on adding
> fine-grained ACLs
> <zeenix> ah ok
> <zeenix> eblake_out: we'd like to connect to system libvirt as well by
> default in boxes
> <zeenix> but would be nice to avoid the polkit dialog until we really
> need full-access

Really the concept of separate read-only vs read-write connections is
completely flawed. In a world where you have proper access control on
individual APIs, you'd just have a single connection you let anyone
connect to, and then do the  checks at API call time which would trigger
auth as required

Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]