On Wed, Sep 19, 2007 at 04:03:40AM +0100, Daniel P. Berrange wrote:
> We currently have logic in the remote driver so that it handles the local
> QEMU driver URIs, so they get re-directed to the daemon. It also handles
> networking APIs for Xen driver. For normal APIs, Xen has the auto-spawned
> setuid proxy daemon. This was very useful at the time we wrote it, but it
> only supports a handful of operations, and only in read-only mode. One other
> factor is that SUSE, for example, do not ship it because it is setuid. I
> don't know whether this is just a general policy, or just because they've
> not had time to audit it, but that's not very good for their users.
>
> With the development of the remote driver & the flexible UNIX socket perms
> & group ownership, or with policykit support it is possible to replace the
> proxy with calls straight to the remote daemon. So this patch is the first
> step by allowing the remote driver to handle any hypervisor connection URI.
> If it doesn't have a hostname or transport specified, then it automatically
> tries to connect to the local libvirt daemon over UNIX sockets.

Okay, I think I understand. I assume this is dependent logically on
having the PolicyKit patch applied first to be able to filter the accesses,
right?

> Dan.
> --
> |=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=|
> |=- Perl modules: http://search.cpan.org/~danberr/ -=|
> |=- Projects: http://freshmeat.net/~danielpb/ -=|
> |=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|

> diff -r bc9c1ba80870 src/remote_internal.c > --- a/src/remote_internal.c Tue Sep 18 14:13:29 2007 -0400 > +++ b/src/remote_internal.c Tue Sep 18 14:23:22 2007 -0400
> @@ -232,9 +232,8 @@ remoteForkDaemon(virConnectPtr conn) > /* Must not overlap with virDrvOpenFlags */ > enum virDrvOpenRemoteFlags { > VIR_DRV_OPEN_REMOTE_RO = (1 << 0), > - VIR_DRV_OPEN_REMOTE_UNIX = (1 << 1), > - VIR_DRV_OPEN_REMOTE_USER = (1 << 2), > - VIR_DRV_OPEN_REMOTE_AUTOSTART = (1 << 3), > + VIR_DRV_OPEN_REMOTE_USER = (1 << 1), > + VIR_DRV_OPEN_REMOTE_AUTOSTART = (1 << 2), > };

I'm just a bit worried about changing those if they end up on the wire
in some ways. If that's the case then just keep the enum as-is.

Looks fine to me, +1,

Daniel

--
Red Hat Virtualization group http://redhat.com/virtualization/
Daniel Veillard      | virtualization library  http://libvirt.org/
veillard@xxxxxxxxxx  | libxml GNOME XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine  http://rpmfind.net/
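
Review bot: Renumbering VIR_DRV_OPEN_REMOTE_USER to (1 << 1) and VIR_DRV_OPEN_REMOTE_AUTOSTART to (1 << 2) in enum virDrvOpenRemoteFlags reuses the bit that VIR_DRV_OPEN_REMOTE_UNIX held, so anything still built against the old values would read a stale UNIX bit as USER. Unless these flags are provably private to this file, remove only the VIR_DRV_OPEN_REMOTE_UNIX line, leave USER at (1 << 2) and AUTOSTART at (1 << 3), and add a comment marking (1 << 1) as retired. The existing comment "Must not overlap with virDrvOpenFlags" would also be easier to check if it stated which bits that enum occupies.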