[Libvir] [RFC PATCH] Solaris least privilege

Daniel Veillard veillard at redhat.com
Thu Apr 24 13:54:19 UTC 2008


On Thu, Apr 24, 2008 at 01:48:08PM +0100, John Levon wrote:
> 
> In the interests of giving a 'heads-up' I'm posting this patch. It
> implements least-privilege on Solaris. The basic idea is that all
> libvirt clients are forced to go through libvirtd, which verifies a
> particular privilege. virtd itself runs with enough privilege to
> interact with Xen.
> 
> This patch is:
> 
>  - not to be applied :)
>  - only against 0.4.0
>  - subject to further change
>  - not yet reviewed, not even by myself (properly)
> 
> Nonetheless, comments are more than welcome.

   Hi John,

  in general the idea of removing all those geteid() == 0 and replacing
them like xenHavePrivilege() is a good one. The patch includes stuff which
is not strictly related like the virsh console cleanup which should be
separated. Also it seems you use some socket auth extensions to detect the
uid of the other process, we do that already in qemud/qemud.c see
function qemudGetSocketIdentity() , maybe we should abstract that in the
util.c module and provide the _sun version there.
  I didn't fully understood some of the checks on the socket paths but
that was separated under #ifdef _sun so that looks system specific.

  in a nutshell, good idea but let's try to make this as generic as
possible :-)

Daniel

-- 
Red Hat Virtualization group http://redhat.com/virtualization/
Daniel Veillard      | virtualization library  http://libvirt.org/
veillard at redhat.com  | libxml GNOME XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine  http://rpmfind.net/




More information about the libvir-list mailing list