On Thu, Apr 24, 2008 at 01:48:08PM +0100, John Levon wrote: > > In the interests of giving a 'heads-up' I'm posting this patch. It > implements least-privilege on Solaris. The basic idea is that all > libvirt clients are forced to go through libvirtd, which verifies a > particular privilege. virtd itself runs with enough privilege to > interact with Xen. > > This patch is: > > - not to be applied :) > - only against 0.4.0 > - subject to further change > - not yet reviewed, not even by myself (properly) > > Nonetheless, comments are more than welcome. Hi John, in general the idea of removing all those geteid() == 0 and replacing them like xenHavePrivilege() is a good one. The patch includes stuff which is not strictly related like the virsh console cleanup which should be separated. Also it seems you use some socket auth extensions to detect the uid of the other process, we do that already in qemud/qemud.c see function qemudGetSocketIdentity() , maybe we should abstract that in the util.c module and provide the _sun version there. I didn't fully understood some of the checks on the socket paths but that was separated under #ifdef _sun so that looks system specific. in a nutshell, good idea but let's try to make this as generic as possible :-) Daniel -- Red Hat Virtualization group http://redhat.com/virtualization/ Daniel Veillard | virtualization library http://libvirt.org/ veillard@xxxxxxxxxx | libxml GNOME XML XSLT toolkit http://xmlsoft.org/ http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/ -- Libvir-list mailing list Libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list