[Libvir] [RFC PATCH] Solaris least privilege

John Levon levon at movementarian.org
Thu Apr 24 14:04:56 UTC 2008

On Thu, Apr 24, 2008 at 09:54:19AM -0400, Daniel Veillard wrote:

>   in general the idea of removing all those geteid() == 0 and replacing
> them like xenHavePrivilege() is a good one. The patch includes stuff which
> is not strictly related like the virsh console cleanup which should be
> separated.

Sure, at merge time everything will be split up appropriately. BTW, it
is related very much: only xenconsole has privilege to connect to Xen

> Also it seems you use some socket auth extensions to detect the
> uid of the other process, we do that already in qemud/qemud.c see
> function qemudGetSocketIdentity() , maybe we should abstract that in the
> util.c module and provide the _sun version there.

It's not about UID but privilege. The Identity stuff is only used under
HAVE_POLKIT, so I'm not sure there's much commonality that can be
abstracted. Can you describe further what you would expect it to look


More information about the libvir-list mailing list