[libvirt] [PATCH 3/3] Do not check for pkcheck

Daniel P. Berrangé berrange at redhat.com
Tue Mar 20 11:36:50 UTC 2018


On Tue, Mar 20, 2018 at 12:27:17PM +0100, Ján Tomko wrote:
> On Mon, Mar 19, 2018 at 07:47:54PM +0100, Jiri Denemark wrote:
> > On Wed, Mar 07, 2018 at 10:29:32 +0100, Ján Tomko wrote:
> > > All we need is DBus.
> > 
> > Unfortunately, this is wrong. From a compilation/linking POV we really
> > don't need anything more than D-Bus.
> 
> Good, we should compile as much code as we can to prevent bitrot.
> 
> > But for polkit to actually work, we
> > need more. Thus we can end up enabling polkit even though it is not
> > actually installed, which means libvirtd will change default
> > authentication scheme for UNIX sockets to polkit and it will chmod the
> > socket to 777. Luckily, this is not a security issue because all
> > connections will be refused because the daemon will not be able to talk
> > to polkit, but it's still an unpleasant change of defaults.
> > 
> 
> Same if you have polkit installed but do not bother to use it (which
> is IMO more common, although a pre-existing issue).
> 
> > Is there really nothing we could check to detect polkit presence or
> > should we just drop the autodetection (i.e., 'check') capability of
> > --with-polkit since it's mostly useless now?
> > 
> 
> Since it's a runtime dependency, we could check for it at runtime like
> we do for systemd, but I did not want to think about the security
> implications. I can look into it if someone else is running such a
> strange configuration (Peter?)
> 
> Alternatively, we could disable the option to compile out polkit,
> check for pkcheck at configure time and use that only to enable it by
> default.
> 
> And of course, IMO all the compile-time autodetection of runtime
> dependencies is useless and should be abolished.

For Linux I think we should expect polkit to be enabled out of the box in
all builds. If someone really wants to disable it then they can pass
--disable-polkit still, and they also have libvirtd.conf config options
to disable it post-build.

We should, however, make sure that polkit is disabled when building on
OS-X / Windows / BSD, *even* if dbus is available. I think this is
something we get wrong now that we removed the check for pkcheck in
configure.


Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|
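
The following is an added example, not part of the thread and not libvirt code: a small audit of the read-write UNIX socket settings discussed above, flagging the "polkit selected but not installed" case and the case of a world-writable socket with no authentication. `auth_unix_rw` and `unix_sock_rw_perms` are libvirtd.conf keys; the function names, the per-build defaults for a non-polkit build, and the sample config are assumptions of this example.

```python
import re

# Defaults for a polkit-enabled build follow the thread (polkit auth, mode 777).
# Defaults for a non-polkit build are an assumption of this example.
DEFAULTS = {
    True: {"auth_unix_rw": "polkit", "unix_sock_rw_perms": "0777"},
    False: {"auth_unix_rw": "none", "unix_sock_rw_perms": "0700"},
}

# Matches `key = "value"` or `key = value`, with an optional trailing comment.
_LINE = re.compile(r'^\s*(\w+)\s*=\s*"?([^"#]*?)"?\s*(?:#.*)?$')

# Constructed sample: auth disabled post-build, socket mode left at the default.
SAMPLE_CONF = '''
# libvirtd.conf (constructed sample)
#unix_sock_rw_perms = "0770"
auth_unix_rw = "none"   # polkit disabled by the admin
'''


def parse_conf(text):
    """Return key -> value for uncommented assignment lines."""
    settings = {}
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        m = _LINE.match(line)
        if m:
            settings[m.group(1)] = m.group(2).strip()
    return settings


def audit_rw_socket(conf_text, built_with_polkit, polkit_installed):
    """Return (auth, world_writable, findings) for the read-write socket."""
    effective = dict(DEFAULTS[built_with_polkit])
    overrides = parse_conf(conf_text)
    effective.update({k: v for k, v in overrides.items() if k in effective})

    auth = effective["auth_unix_rw"]
    # Connecting to a UNIX socket needs write permission; test the "other" bit.
    world_writable = bool(int(effective["unix_sock_rw_perms"], 8) & 0o002)

    findings = []
    if auth == "polkit" and not polkit_installed:
        findings.append("polkit auth selected but polkit is not installed: "
                        "every connection will be refused")
    if auth == "none" and world_writable:
        findings.append("world-writable socket with no authentication")
    return auth, world_writable, findings
```
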



