Re: [PATCH v2 3/3] man: virt-admin: Mention monolithic daemon URIs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Jan 20, 2022 at 06:16:43PM +0100, Peter Krempa wrote:
> On Thu, Jan 20, 2022 at 18:14:08 +0100, Erik Skultety wrote:
> > On Thu, Jan 20, 2022 at 04:34:03PM +0100, Peter Krempa wrote:
> > > Hint users that they can use 'virt-admin' also for the new monolithic
> > > daemons.
> > > 
> > > Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2038045
> > > Signed-off-by: Peter Krempa <pkrempa@xxxxxxxxxx>
> > > ---
> > >  docs/manpages/virt-admin.rst | 22 ++++++++++++++++------
> > >  1 file changed, 16 insertions(+), 6 deletions(-)
> 
> [...]
> 
> > > +Running ``virt-admin`` requires root privileges when communicating with the
> > > +system instance of a daemon (*URI* ending in ``/system``) due to the
> > > +communications channels used to talk to the daemon.
> > > +
> > > +Consider changing the *unix_sock_group* ownership setting to grant access to
> > > +specific set of users or modifying *unix_sock_rw_perms* permissions. Daemon
> > > +configuration file provides more information about setting permissions.
> > 
> > ^This last paragraph is not true with virt-admin, because it's not subject to
> > any authentication mechanism we use by design, especially with socket
> > activation where the socket will always have 0600 permissions and only root can
> > access it. Without socket activation there's the 'unix_sock_admin_perms'
> > setting (beats me why we/I introduced it in the first place), but there is no
> > group ownership whatsoever and indeed if you look at remoteAdmClientNew, you'll
> > see we're doing the following:
> > 
> >     if (geteuid() != clientuid)
> >         ...
> 
> Hmm, this commit is merely re-indenting and moving the text. I think
> I'll be able to justtify it better if I remove it first by a separate
> commit and let this commit just do the URI changes. 

Sure, feel free to push 1 and 2 and post one just with the URI changes.

Erik




[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux