[libvirt] [PATCH 3/3] Do not check for pkcheck

Jiri Denemark jdenemar at redhat.com
Mon Mar 19 18:47:54 UTC 2018


On Wed, Mar 07, 2018 at 10:29:32 +0100, Ján Tomko wrote:
> All we need is DBus.

Unfortunately, this is wrong. From a compilation/linking POV we really
don't need anything more than D-Bus. But for polkit to actually work, we
need more. Thus we can end up enabling polkit even though it is not
actually installed, which means libvirtd will change the default
authentication scheme for UNIX sockets to polkit and it will chmod the
socket to 777. Luckily, this is not a security issue because all
connections will be refused because the daemon will not be able to talk
to polkit, but it's still an unpleasant change of defaults.

Is there really nothing we could check to detect polkit presence or
should we just drop the autodetection (i.e., 'check') capability of
--with-polkit since it's mostly useless now?

Jirka



