[libvirt] [PATCH 3/3] Do not check for pkcheck

Ján Tomko jtomko at redhat.com
Tue Mar 20 11:27:17 UTC 2018


On Mon, Mar 19, 2018 at 07:47:54PM +0100, Jiri Denemark wrote:
>On Wed, Mar 07, 2018 at 10:29:32 +0100, Ján Tomko wrote:
>> All we need is DBus.
>
>Unfortunately, this is wrong. From a compilation/linking POV we really
>don't need anything more than D-Bus.

Good, we should compile as much code as we can to prevent bitrot.

>But for polkit to actually work, we
>need more. Thus we can end up enabling polkit even though it is not
>actually installed, which means libvirtd will change default
>authentication scheme for UNIX sockets to polkit and it will chmod the
>socket to 777. Luckily, this is not a security issue because all
>connections will be refused because the daemon will not be able to talk
>to polkit, but it's still an unpleasant change of defaults.
>

Same if you have polkit installed but do not bother to use it (which
is IMO more common, although a pre-existing issue).

>Is there really nothing we could check to detect polkit presence or
>should we just drop the autodetection (i.e., 'check') capability of
>--with-polkit since it's mostly useless now?
>

Since it's a runtime dependency, we could check for it at runtime like
we do for systemd, but I did not want to think about the security
implications. I can look into it if someone else is running such a
strange configuration (Peter?)

Alternatively, we could disable the option to compile out polkit,
check for pkcheck at configure time and use that only to enable it by
default.

And of course, IMO all the compile-time autodetection of runtime
dependencies is useless and should be abolished.

Jan

>Jirka