Re: [libvirt] [PATCH] Default to qemu:///system if accessible
On 06-09-2010 11:17, Daniel P. Berrange wrote:
Our goal is to improve qemu://session's networking such that this
isn't a reason to use qemu://system anymore
Fair enough, but when that happens, I'm supposing people won't have
access to the system-wide UNIX socket anymore.
Enabing use of qemu://session is key to solving a number of
important security problems, not least that a user should be able to
just keep the disk & iso images in their home directory and not have
to worry about their ownership/permissions.
True.
In addition by running VMs directly under the user's session
things
like pulseaudio, SDL can directly access the X & GNOME sessions
without further special config.
I was under the impression that currently targeted solution to at least
the audio problem was tunelling through VNC?
This is ignoring two important use cases which are common in the
corporate world. Shared development servers where many users are on
one server, and personal workstations where the users are not
allowed to have root.
I disagree. In both of those cases, I'd be surprised if people were able
to access the privileged libvirtd socket. In the former case, if people
generally had access to the systemwide libvirtd instance, I'd assume
that was because that was the one they were supposed to use for their
shared development stuff. In the latter case, with that sort of access,
I could have full root shell access within minutes, so that'd be a
pretty big security fail.
The thing about heuristics is that they're never correct for
everyone. Your patch is making it more correct for one group of
people, and less correct for a different group of people. Further
making a significant functional change to libvirt that will break
things for people that are relying on the existing behaviour.
I understand the difficulty of heuristics. That's exactly why I think
this discussion is useful: It seeks to determine the accuracy of the
current heuristic, which I claim is inaccurate in all but extraordinary
cases.
If someone wants to save typing they need merely set
LIBVIRT_CONNECT_URI to whatever they want and thus avoid the default
connection logic completely.
As you point out to Eric elsewhere in this thread, this is about
adjusting the behaviour of the heuristic, not about just providing a
default URI. I admit, though, that I did not know of the environment
variable to do this, which is called LIBVIRT_DEFAULT_URI, by the way :)
--
Soren Hansen
Ubuntu Developer
http://www.ubuntu.com/