Re: PATCH: Don't request polkit auth if client is root

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Apr 04, 2008 at 09:55:50AM +0200, Jim Meyering wrote:
> "Daniel P. Berrange" <berrange@xxxxxxxxxx> wrote:
> > This patch makes two adjustments to the way policy kit authentication is
> > done.
> >
> >  - Currently the server unconditionally ask the client to do policykit
> >    authentication. This is unnecessary if the remote client is running
> >    as root, which we can check via UNIX socket credentials. Unconditionally
> >    asking plays havoc with SSH tunneling, so this patch makes it check the
> >    socket credentials &not ask for auth if the client is UID==0
> >
> >  - The virsh client will unconditionally call polkit-auth to request
> >    credentials. This is also unneccessary if the client is running as
> >    root, so this patch makes it skip that step as root.
> >
> > The patch is bigger than it seems because removing an if() conditional
> > made a huge chunk be re-indented.
> 
> Good idea.  Looks fine.
> ACK.
> 
> [BTW, thanks for the SO_PEERCRED example -- I didn't know about it,
>  and was surprised to find so little documentation on it. ]

  The code for UNIX socket credential checking can be made portable, but it's
really a big mess, in gamin I also allow CMSGCRED, which increase portability
a bit. I remember looking in glib at the time for this kind of code, but as
the comment point out DBus code should have a fairly complete and up to date
set.

Daniel

-- 
Red Hat Virtualization group http://redhat.com/virtualization/
Daniel Veillard      | virtualization library  http://libvirt.org/
veillard@xxxxxxxxxx  | libxml GNOME XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine  http://rpmfind.net/

--
Libvir-list mailing list
Libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list

[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]