On Tue, Mar 20, 2018 at 12:27:17PM +0100, Ján Tomko wrote: > On Mon, Mar 19, 2018 at 07:47:54PM +0100, Jiri Denemark wrote: > > On Wed, Mar 07, 2018 at 10:29:32 +0100, Ján Tomko wrote: > > > All we need is DBus. > > > > Unfortunately, this is wrong. From a compilation/linking POV we really > > don't need anything more than D-Bus. > > Good, we should compile as much code as we can to prevent bitrot. > > > But we polkit to actually work, we > > need more. Thus we can end up enabling polkit even though it is not > > actually installed, which means libvirtd will change default > > authentication scheme for UNIX sockets to polkit and it will chmod the > > socket to 777. Luckily, this is not a security issue because all > > connections will be refused because the daemon will not be able to talk > > to polkit, but it's still an unpleasant change of defaults. > > > > Same if you have polkit installed but do not bother to use it (which > is IMO more common, although a pre-existing issue). > > > Is there really nothing we could check to detect polkit presence or > > should we just drop the autodetection (i.e., 'check') capability of > > --with-polkit since it's mostly useless now? > > > > Since it's a runtime dependency, we could check for it at runtime like > we do for systemd, but I did not want to think about the security > implications. I can look into it if someone else is running such a > strange configuration (Peter?) > > Alternatively, we could disable the option to compile out polkit, > check for pkcheck at configure time and use that only to enable it by > default. > > And of course, IMO all the compile-time autodetection of runtime > dependencies is useless and should be abolished. For Linux I think we should expect polkit to be enabled out of the box in all builds. If someone really wants to disable it then they can pass --disable-polkit still, and they also have libvirtd.conf config options to disable it post-biuld. We should, however, make sure that polkit is disabled when building on OS-X / Windows / BSD, *even* if dbus is available. I think this is something we get wrong now that we removed the check for pkcheck in configure. Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :| -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
