[Libvir] [RFC PATCH] Solaris least privilege

Daniel P. Berrange berrange at redhat.com
Thu Apr 24 14:31:25 UTC 2008


On Thu, Apr 24, 2008 at 03:04:56PM +0100, John Levon wrote:
> On Thu, Apr 24, 2008 at 09:54:19AM -0400, Daniel Veillard wrote:
> 
> >   in general the idea of removing all those geteid() == 0 and replacing
> > them like xenHavePrivilege() is a good one. The patch includes stuff which
> > is not strictly related like the virsh console cleanup which should be
> > separated.
> 
> Sure, at merge time everything will be split up appropriately. BTW, it
> is related very much: only xenconsole has privilege to connect to Xen
> consoles.

In that case we should definitely split the 'virsh console' impl out into
a separate binary, so we can use the non-Xen specific codebase and still
maintain your privilege separation.

> > Also it seems you use some socket auth extensions to detect the
> > uid of the other process, we do that already in qemud/qemud.c see
> > function qemudGetSocketIdentity() , maybe we should abstract that in the
> > util.c module and provide the _sun version there.
> 
> It's not about UID but privilege. The Identity stuff is only used under
> HAVE_POLKIT, so I'm not sure there's much commonality that can be
> abstracted. Can you describe further what you would expect it to look
> like?

Although we don't use the qemudGetSocketIdentity() anyway other than under
the POLKIT code, this may change in the future, so it'd just be convenient
to have a Solaris impl there. We can change the #if HAVE_POLKIT to be
#ifdef HAVE_POLKIT || __sun, so the method is available to the privilege
checking code too.

Dan
-- 
|: Red Hat, Engineering, Boston   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|



