Re: PATCH: Allow remote driver to handle any connection URI

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Daniel P. Berrange wrote:
> We currently have logic in the remote driver so that it handles the local
> QEMU driver URIs, so they get re-directed to the daemon. It also handles
> networking APIs for Xen driver. For normal APIs, Xen has the auto-spawned
> setuid proxy daemon. This was very useful at the time we wrote it, but it
> only supports a handful of operations, and only in read-only mode. One other
> factor is that SUSE, for example, do not ship it because it is setuid. I
> don't know whether this is just a general policy, or just because they've
> not had time to audit it, but that's not very good for their users.
>   

Yep.  Reason is the former.  But this can be overridden (followed by an
audit) if there is a good case.  Apparently my case wasn't strong
enough.  Too be fair though, I didn't push hard.  And now that I've seen
this mail I'm reminded that I wanted to push this for openSUSE 10.3 --
which went GM today :-(.

Jim

--
Libvir-list mailing list
Libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list

[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]