Re: [Libvir] libvirt daemon UNIX socket auth with PolicyKit
On Wed, Aug 08, 2007 at 02:48:02PM +0100, Daniel P. Berrange wrote:
> > - libvirtd use SO_PEERCRED to get the PID of the client
>
> Solaris doesn't have this, but the more powerful getpeerucred():
>
> http://docs.sun.com/app/docs/doc/819-2243/6n4i09924?a=view
> http://docs.sun.com/app/docs/doc/819-2243/6n4i099nf?a=view
There's at least 5 different impls of this general context across the
various UNIX OS :-( I've just suggested to David Z that PolicyKit provide
a 'polkit_caller_new_from_socket' API, so all the OS specific code for
getting a UID from a socket can be isolated in polkicykit libraries rather
than making each individual app re-implement the portability.
I think the ability to get the UID of the caller would be useful even
if polkicykit is not available though, that would allow to get rid of
fs mapped sockets and the reliance on fs attributes.
Daniel
--
Red Hat Virtualization group http://redhat.com/virtualization/
Daniel Veillard | virtualization library http://libvirt.org/
veillard(a)redhat.com | libxml GNOME XML XSLT toolkit http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/