On Mon, Mar 19, 2018 at 07:47:54PM +0100, Jiri Denemark wrote:
On Wed, Mar 07, 2018 at 10:29:32 +0100, Ján Tomko wrote:All we need is DBus.Unfortunately, this is wrong. From a compilation/linking POV we really don't need anything more than D-Bus.
Good, we should compile as much code as we can to prevent bitrot.
But we polkit to actually work, we need more. Thus we can end up enabling polkit even though it is not actually installed, which means libvirtd will change default authentication scheme for UNIX sockets to polkit and it will chmod the socket to 777. Luckily, this is not a security issue because all connections will be refused because the daemon will not be able to talk to polkit, but it's still an unpleasant change of defaults.
Same if you have polkit installed but do not bother to use it (which is IMO more common, although a pre-existing issue).
Is there really nothing we could check to detect polkit presence or should we just drop the autodetection (i.e., 'check') capability of --with-polkit since it's mostly useless now?
Since it's a runtime dependency, we could check for it at runtime like we do for systemd, but I did not want to think about the security implications. I can look into it if someone else is running such a strange configuration (Peter?) Alternatively, we could disable the option to compile out polkit, check for pkcheck at configure time and use that only to enable it by default. And of course, IMO all the compile-time autodetection of runtime dependencies is useless and should be abolished. Jan
Jirka
Attachment:
signature.asc
Description: Digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list