On Fri, Sep 03, 2010 at 03:28:58PM +0200, Soren Hansen wrote: > If no uri is passed to one of the virConnectOpen-ish calls, libvirt > attempts to autoprobe a sensible URI. Part of the current logic checks > for getuid() > 0, and if that check is succesful, a libvirtd daemon is > spawned. This patch replaces this check with a call to > access(LIBVIRTD_PRIV_UNIX_SOCKET, W_OK) so that users with access to the > qemu:///system UNIX socket connect to that one by default instead of > spawning a new libvirtd daemon. NACK, I don't think we should be changing this. If the user is unprivileged, it should always default to the unprivileged libvirtd, regardless of whether they are also authorized to connect to the privileged libvirtd (via socket permissions or policykit, or kerberos). If the unprivileged user still wants the privileged libvirtd, they should given an explicit URI. Regards, Daniel -- |: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :| |: http://libvirt.org -o- http://virt-manager.org -o- http://deltacloud.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :| -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list