[Libosinfo] Handling `http://` calls with sudo/su
Fabiano Fidêncio
fidencio at redhat.com
Wed May 22 09:00:04 UTC 2019
People,
https://gitlab.com/libosinfo/libosinfo/issues/30 brought up an
interesting fact that I wasn't aware of and may have some negative
impact on libosinfo consumers.
Basically, GVfs requires access to the session bus (which, by deafult,
is private and does not accept connections of any other user apart
from the one that owns the bus), causing any call made to
`osinfo_{tree,media}_create_from_location()` and any operation of
osinfo-db-import and osinfo-detect relying on gvfsd-http to *not* work
when called using sudo/su.
Cole already stated that it could be blocker for virt-install to every
fully depend on libosinfo as `sudo virt-install ...` should just work.
Now, what are the options we have? (No, this is not a rethorical question ...)
There are a few things that come to my mind:
- Stop relying on GVfs for anything that's not local and implement the
`http://` on our side;
- Drop the privileges when calling libosinfo APIs that are known for
relying on GVfs, as suggested by Ondrej Holy
- This would have to be done by each app consuming libosinfo APIs,
doesn't sound like the most appealing thing to do, even if possible to
implement properly
At this point, I'm totally out of ideas on how to proceed, thus I'd be
really happy to get some suggestions.
Best Regards,
--
Fabiano Fidêncio
More information about the Libosinfo
mailing list