[libvirt] [PATCH] Allow root users to have their own configuration file

Daniel P. Berrange berrange at redhat.com
Thu Sep 12 10:00:45 UTC 2013 

On Thu, Sep 12, 2013 at 11:53:32AM +0200, Martin Kletzander wrote:
> Currently, we have two configuration file paths, one global (where
> "global" means root-only and we're probably not changing this in near
> future) and one per-user.  Unfortunately root user cannot use the
> second option because until now we were choosing the file path
> depending only on whether the user is root or not.
> 
> This patch modifies the mentioned behavior for root only, allowing him
> to set his own configuration files without changing anything in
> system-wide configuration folders.
> 
> This also makes the virsh-uriprecedence test pass its first test case
> when ran as root.
> 
> Signed-off-by: Martin Kletzander <mkletzan at redhat.com>
> ---
> 
> Notes:
>     I'm playing along previously mentioned "proper behavior" in this
>     patch.  However, IMNSHO, our "global" or "system-wide" configuration
>     file (defaulting to '/etc/libvirt/libvirt.conf') should be accessible
>     for all users since this has no security impact (security information
>     may be in files 'libvirtd.conf' or 'qemu.conf').  This file should be
>     also read and used for all users.  After that, settings in user
>     configuration file (defaulting to '~/.config/libvirt/libvirt.conf')
>     may override some of these settings for that user.
>     
>     This is how all sensible configurations are loaded and that's also
>     what I'd prefer.  Unfortunately some developers feels this should be
>     done in completely different way.
> 
>  src/libvirt.c | 56 ++++++++++++++++++++++++++++++++++++--------------------
>  1 file changed, 36 insertions(+), 20 deletions(-)

NACK to this. The root user already has their own dedicated configuration
file, /etc/libvirt/libvirt.conf.  The /etc/libvirt directory permissions
prevent *any* file there being read by non-root, so the /etc/libvirt/libvirt.conf
file could not be used by non-root.

IMHO the only flaw here is the test suite, not the config file path
handling.

Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|

More information about the libvir-list mailing list