On Wed, Aug 08, 2007 at 04:02:25PM +0100, Richard W.M. Jones wrote:
>Daniel P. Berrange wrote:
>>On Wed, Aug 08, 2007 at 03:42:30PM +0100, Richard W.M. Jones wrote:
>>>Daniel P. Berrange wrote:
>>> srw-rw---- 1 root virtstaff 0 2007-06-29 15:50 /var/run/libvirt/libvirt-sock
>>
>>That either gives a user full access without requiring any password, or
>>requires that the app run as root. That's just a mild tweaking of the
>>status quo. It doesn't allow us to authenticate a non-root user to allow
>>them access without the app itself being run as root.
>I wouldn't call it a "mild tweaking of the status quo". It lets an
>administrator designate staff who are permitted to manage virtualization
>(ie. by adding them to the virtstaff group), and then those staff can
>run management programs as themselves (non-root). If typing in a
>password is important because it proves that at the moment that the
>program was started, then the staff member was sitting in front of the
>computer (but not, like, later on or anything), then perhaps the
>administrators of these super secure systems should ensure their staff
>use screensavers.
>Anyhow isn't this something which SELinux was supposed to solve?

Yes - but with the caveat that it only solves it if running in 'strict'
mode. In 'targeted' mode all user accounts are unconfined_t so can do
pretty much anything they like. So we can't usefully leverage SELinux
for this in most common deployments.
Dan.
--
|=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=|
|=- Perl modules: http://search.cpan.org/~danberr/ -=|
|=- Projects: http://freshmeat.net/~danielpb/ -=|
|=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|
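
Added example, not part of the original thread or of libvirt: a model of the access decision the kernel makes for the `srw-rw---- root virtstaff` socket discussed above, showing that group membership alone decides who may connect and that no password is involved. The account names, uids and the gid 990 for virtstaff are constructed for illustration.

```python
import os
import socket
import stat
import tempfile

def may_connect(mode, owner_uid, owner_gid, uid, gids):
    """Linux DAC decision for connect() on a pathname UNIX socket.

    connect() needs write permission on the socket inode, and exactly one
    permission class applies: owner, else group, else other.
    Search permission on the parent directories is not modelled here.
    """
    if uid == 0:                       # root bypasses DAC checks
        return True
    if uid == owner_uid:
        return bool(mode & stat.S_IWUSR)
    if owner_gid in gids:
        return bool(mode & stat.S_IWGRP)
    return bool(mode & stat.S_IWOTH)

def socket_mode_string(perms=0o660):
    """Bind a throwaway socket, apply perms, return its ls-style mode."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "demo-sock")
        srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        try:
            srv.bind(path)
            os.chmod(path, perms)
            return stat.filemode(os.stat(path).st_mode)
        finally:
            srv.close()

# Constructed accounts (assumptions): name -> (uid, set of gids).
VIRTSTAFF_GID = 990
ACCOUNTS = {
    "root": (0, {0}),
    "alice": (1000, {1000, VIRTSTAFF_GID}),   # added to virtstaff
    "bob": (1001, {1001}),                    # not in virtstaff
}

def who_can_connect(mode=0o660, owner_uid=0, owner_gid=VIRTSTAFF_GID):
    """Evaluate every constructed account against the socket's owner/mode."""
    return {name: may_connect(mode, owner_uid, owner_gid, uid, gids)
            for name, (uid, gids) in ACCOUNTS.items()}

if __name__ == "__main__":
    print(socket_mode_string())
    print(who_can_connect())
```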