[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH] Allow root users to have their own configuration file



On 09/12/2013 12:00 PM, Daniel P. Berrange wrote:
> On Thu, Sep 12, 2013 at 11:53:32AM +0200, Martin Kletzander wrote:
>> Currently, we have two configuration file paths, one global (where
>> "global" means root-only and we're probably not changing this in near
>> future) and one per-user.  Unfortunately root user cannot use the
>> second option because until now we were choosing the file path
>> depending only on whether the user is root or not.
>>
>> This patch modifies the mentioned behavior for root only, allowing him
>> to set his own configuration files without changing anything in
>> system-wide configuration folders.
>>
>> This also makes the virsh-uriprecedence test pass its first test case
>> when ran as root.
>>
>> Signed-off-by: Martin Kletzander <mkletzan redhat com>
>> ---
>>
>> Notes:
>>     I'm playing along previously mentioned "proper behavior" in this
>>     patch.  However, IMNSHO, our "global" or "system-wide" configuration
>>     file (defaulting to '/etc/libvirt/libvirt.conf') should be accessible
>>     for all users since this has no security impact (security information
>>     may be in files 'libvirtd.conf' or 'qemu.conf').  This file should be
>>     also read and used for all users.  After that, settings in user
>>     configuration file (defaulting to '~/.config/libvirt/libvirt.conf')
>>     may override some of these settings for that user.
>>     
>>     This is how all sensible configurations are loaded and that's also
>>     what I'd prefer.  Unfortunately some developers feels this should be
>>     done in completely different way.
>>
>>  src/libvirt.c | 56 ++++++++++++++++++++++++++++++++++++--------------------
>>  1 file changed, 36 insertions(+), 20 deletions(-)
> 
> NACK to this. The root user already has their own dedicated configuration
> file, /etc/libvirt/libvirt.conf.  The /etc/libvirt directory permissions
> prevent *any* file there being read by non-root, so the /etc/libvirt/libvirt.conf
> file could not be used by non-root.
> 

As mentioned in the commit message, this patch doesn't change the
behavior for non-root users, that's only a nag in the notes.

The only thing that changes after applying this patch is that *iff* ran
as root, we'll *also* check "${XDG_CONFIG_HOME}/libvirt/libvirt.conf".

Martin


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]