On 09/03/2010 02:38 PM, Soren Hansen wrote:
NACK, I don't think we should be changing this. If the user
is unprivileged, it should always default to the unprivileged
libvirtd, regardless of whether they are also authorized to
connect to the privileged libvirtd (via socket permissions or
policykit, or kerberos). If the unprivileged user still wants
the privileged libvirtd, they should given an explicit URI.
Hm... I didn't think this was going to be controversial :)
Maybe a less-controversial patch would be changing configure.ac to add a
configure option for the default URI string for non-privileged users?
Right now, the default is hard-coded to qemu:///session, but by letting
it be a configure choice, then it would be up to the end user (or
distro) whether to risk the default of qemu:///system as well as
exposing the socket as writable.
--
Eric Blake eblake@xxxxxxxxxx +1-801-349-2682
Libvirt virtualization library http://libvirt.org
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list