[Libvir] [RFC PATCH] Solaris least privilege
John Levon
levon at movementarian.org
Thu Apr 24 14:04:56 UTC 2008
On Thu, Apr 24, 2008 at 09:54:19AM -0400, Daniel Veillard wrote:
> in general the idea of removing all those geteid() == 0 and replacing
> them like xenHavePrivilege() is a good one. The patch includes stuff which
> is not strictly related like the virsh console cleanup which should be
> separated.
Sure, at merge time everything will be split up appropriately. BTW, it
is related very much: only xenconsole has privilege to connect to Xen
consoles.
> Also it seems you use some socket auth extensions to detect the
> uid of the other process, we do that already in qemud/qemud.c see
> function qemudGetSocketIdentity() , maybe we should abstract that in the
> util.c module and provide the _sun version there.
It's not about UID but privilege. The Identity stuff is only used under
HAVE_POLKIT, so I'm not sure there's much commonality that can be
abstracted. Can you describe further what you would expect it to look
like?
regards
john
More information about the libvir-list
mailing list