Daniel P. Berrange wrote:
> We currently have logic in the remote driver so that it handles the local
> QEMU driver URIs, so they get re-directed to the daemon. It also handles
> networking APIs for Xen driver. For normal APIs, Xen has the auto-spawned
> setuid proxy daemon. This was very useful at the time we wrote it, but it
> only supports a handful of operations, and only in read-only mode. One other
> factor is that SUSE, for example, do not ship it because it is setuid. I
> don't know whether this is just a general policy, or just because they've
> not had time to audit it, but that's not very good for their users.

Yep. Reason is the former. But this can be overridden (followed by an
audit) if there is a good case. Apparently my case wasn't strong
enough. To be fair though, I didn't push hard. And now that I've seen
this mail I'm reminded that I wanted to push this for openSUSE 10.3 --
which went GM today :-(.
Jim