Re: PATCH: Allow remote driver to handle any connection URI

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Sep 19, 2007 at 04:03:40AM +0100, Daniel P. Berrange wrote:
> We currently have logic in the remote driver so that it handles the local
> QEMU driver URIs, so they get re-directed to the daemon. It also handles
> networking APIs for Xen driver. For normal APIs, Xen has the auto-spawned
> setuid proxy daemon. This was very useful at the time we wrote it, but it
> only supports a handful of operations, and only in read-only mode. One other
> factor is that SUSE, for example, do not ship it because it is setuid. I
> don't know whether this is just a general policy, or just because they've
> not had time to audit it, but that's not very good for their users.
> 
> With the development of the remote driver & the flexible UNIX socket perms
> & group ownership, or with policykit support it is possible to replace the
> proxy with calls straight to the remote daemon. So this patch is the first
> step by allowing the remote driver to handle any hypervisor connection URI.
> If it doesn't have a hostname or transport specified, then it automatically
> tries to connect to the local libvirt daemon over UNIX sockets.

  Okay, I think I understand. I assume this is dependant logically on 
having the PolicyKit patch applied first to be able to filter the accesses,
right ?

> Dan.
> -- 
> |=- Red Hat, Engineering, Emerging Technologies, Boston.  +1 978 392 2496 -=|
> |=-           Perl modules: http://search.cpan.org/~danberr/              -=|
> |=-               Projects: http://freshmeat.net/~danielpb/               -=|
> |=-  GnuPG: 7D3B9505   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505  -=| 

> diff -r bc9c1ba80870 src/remote_internal.c
> --- a/src/remote_internal.c	Tue Sep 18 14:13:29 2007 -0400
> +++ b/src/remote_internal.c	Tue Sep 18 14:23:22 2007 -0400
> @@ -232,9 +232,8 @@ remoteForkDaemon(virConnectPtr conn)
>  /* Must not overlap with virDrvOpenFlags */
>  enum virDrvOpenRemoteFlags {
>      VIR_DRV_OPEN_REMOTE_RO = (1 << 0),
> -    VIR_DRV_OPEN_REMOTE_UNIX = (1 << 1),
> -    VIR_DRV_OPEN_REMOTE_USER = (1 << 2),
> -    VIR_DRV_OPEN_REMOTE_AUTOSTART = (1 << 3),
> +    VIR_DRV_OPEN_REMOTE_USER = (1 << 1),
> +    VIR_DRV_OPEN_REMOTE_AUTOSTART = (1 << 2),
>  };

  I'm just a bit worried about changing those if they end up on the wire
in some ways. If that's the case then just keep he enum as-is.


   Looks fine to me, +1,

Daniel

-- 
Red Hat Virtualization group http://redhat.com/virtualization/
Daniel Veillard      | virtualization library  http://libvirt.org/
veillard@xxxxxxxxxx  | libxml GNOME XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine  http://rpmfind.net/

--
Libvir-list mailing list
Libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list

[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]