On Thu, Apr 24, 2008 at 01:48:08PM +0100, John Levon wrote:
> In the interests of giving a 'heads-up' I'm posting this patch. It
> implements least-privilege on Solaris. The basic idea is that all
> libvirt clients are forced to go through libvirtd, which verifies a
> particular privilege. virtd itself runs with enough privilege to
> interact with Xen.
>
> This patch is:
>
> - not to be applied :)
> - only against 0.4.0
> - subject to further change
> - not yet reviewed, not even by myself (properly)
>
> Nonetheless, comments are more than welcome.

Hi John,

In general the idea of removing all those geteuid() == 0 and replacing
them like xenHavePrivilege() is a good one. The patch includes stuff which
is not strictly related, like the virsh console cleanup, which should be
separated. Also it seems you use some socket auth extensions to detect the
uid of the other process; we do that already in qemud/qemud.c, see
function qemudGetSocketIdentity(). Maybe we should abstract that in the
util.c module and provide the _sun version there.

I didn't fully understand some of the checks on the socket paths, but
that was separated under #ifdef _sun so that looks system specific.

In a nutshell, good idea but let's try to make this as generic as
possible :-)

Daniel
--
Red Hat Virtualization group http://redhat.com/virtualization/
Daniel Veillard      | virtualization library http://libvirt.org/
veillard(a)redhat.com | libxml GNOME XML XSLT toolkit http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/