[Libvir] libvirt daemon UNIX socket auth with PolicyKit
Daniel Veillard
veillard at redhat.com
Wed Aug 8 14:07:08 UTC 2007
On Wed, Aug 08, 2007 at 02:48:02PM +0100, Daniel P. Berrange wrote:
> > > - libvirtd use SO_PEERCRED to get the PID of the client
> >
> > Solaris doesn't have this, but the more powerful getpeerucred():
> >
> > http://docs.sun.com/app/docs/doc/819-2243/6n4i09924?a=view
> > http://docs.sun.com/app/docs/doc/819-2243/6n4i099nf?a=view
>
> There's at least 5 different impls of this general context across the
> various UNIX OS :-( I've just suggested to David Z that PolicyKit provide
> a 'polkit_caller_new_from_socket' API, so all the OS specific code for
> getting a UID from a socket can be isolated in polkicykit libraries rather
> than making each individual app re-implement the portability.
I think the ability to get the UID of the caller would be useful even
if polkicykit is not available though, that would allow to get rid of
fs mapped sockets and the reliance on fs attributes.
Daniel
--
Red Hat Virtualization group http://redhat.com/virtualization/
Daniel Veillard | virtualization library http://libvirt.org/
veillard at redhat.com | libxml GNOME XML XSLT toolkit http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/
More information about the libvir-list
mailing list