Re: [Libvir] [RFC PATCH] Solaris least privilege
On Thu, Apr 24, 2008 at 03:04:56PM +0100, John Levon wrote:
On Thu, Apr 24, 2008 at 09:54:19AM -0400, Daniel Veillard wrote:
> in general the idea of removing all those geteid() == 0 and replacing
> them like xenHavePrivilege() is a good one. The patch includes stuff which
> is not strictly related like the virsh console cleanup which should be
> separated.
Sure, at merge time everything will be split up appropriately. BTW, it
is related very much: only xenconsole has privilege to connect to Xen
consoles.
In that case we should definitel split the 'virsh console' impl out into
a separate binary, so we can use the non-Xen specific codebase and stil
maintain your privilege separation.
> Also it seems you use some socket auth extensions to detect the
> uid of the other process, we do that already in qemud/qemud.c see
> function qemudGetSocketIdentity() , maybe we should abstract that in the
> util.c module and provide the _sun version there.
It's not about UID but privilege. The Identity stuff is only used under
HAVE_POLKIT, so I'm not sure there's much commonality that can be
abstracted. Can you describe further what you would expect it to look
like?
Although we don't use the qemudGetSocketIdentity() anyway other than under
the POLKIT code, this may change in the future, so it'd just be convenient
to have a Solaris impl there. We can change the #if HAVE_POLKIT to be
#ifdef HAVE_POLKIT || __sun, so the method is available to the privilege
checking code too.
Dan
--
|: Red Hat, Engineering, Boston -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|