"Daniel P. Berrange" <berrange@xxxxxxxxxx> wrote: > This patch makes two adjustments to the way policy kit authentication is > done. > > - Currently the server unconditionally ask the client to do policykit > authentication. This is unnecessary if the remote client is running > as root, which we can check via UNIX socket credentials. Unconditionally > asking plays havoc with SSH tunneling, so this patch makes it check the > socket credentials ¬ ask for auth if the client is UID==0 > > - The virsh client will unconditionally call polkit-auth to request > credentials. This is also unneccessary if the client is running as > root, so this patch makes it skip that step as root. > > The patch is bigger than it seems because removing an if() conditional > made a huge chunk be re-indented. Good idea. Looks fine. ACK. [BTW, thanks for the SO_PEERCRED example -- I didn't know about it, and was surprised to find so little documentation on it. ] -- Libvir-list mailing list Libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list