On Wed, Aug 08, 2007 at 04:02:25PM +0100, Richard W.M. Jones wrote: > Daniel P. Berrange wrote: > >On Wed, Aug 08, 2007 at 03:42:30PM +0100, Richard W.M. Jones wrote: > >>Daniel P. Berrange wrote: > >> srw-rw---- 1 root virtstaff 0 2007-06-29 15:50 > >>/var/run/libvirt/libvirt-sock > > > >That either gives a user full access without requiring any password, or > >requires that the app run as root. That's just a mild tweaking of the > >status quo. It doesn't allow us to authenticate a non-root user to allow > >them access without the app itself being run as root. > > I wouldn't call it a "mild tweaking of the status quo". It lets an > administrator designate staff who are permitted to manage virtualization > (ie. by adding them to the virtstaff group), and then those staff can > run management programs as themselves (non-root). If typing in a > password is important because it proves that at the moment that the > program was started, then the staff member was sitting in front of the > computer (but not, like, later on or anything), then perhaps the > administrators of these super secure systems should ensure their staff > use screensavers. > > Anyhow isn't this something which SELinux was supposed to solve? Yes - but with the caveat that it only solves it if running in 'strict' mode. In 'targetted' mode all user accounts are unconfined_t so can do pretty much anything they like. So we can't usefully leverage SELinux for this in most common deployements. Dan. -- |=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=| |=- Perl modules: http://search.cpan.org/~danberr/ -=| |=- Projects: http://freshmeat.net/~danielpb/ -=| |=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=| -- Libvir-list mailing list Libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list