Re: API to upgrade read-only connection

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Jan 10, 2013 at 12:14 PM, Daniel P. Berrange
<berrange@xxxxxxxxxx> wrote:
> On Thu, Jan 10, 2013 at 03:12:18AM +0200, Zeeshan Ali (Khattak) wrote:
>> Hi,
>>   Once again, I'll be lazy and just copy&paste an IRC conversation but
>> please don't hesitate to ask if something needs clarification:
>>
>> <zeenix> am i missing something or there is no way to 'upgrade' a
>> read-only connection to a normal one?
>> <eblake_out> zeenix: looks like you have to create a new connection if
>> you want new privileges
>> <eblake_out> although you may want to float it by the list to see if a
>> new API for upgrading an existing connection makes sense
>> <eblake_out> especially in light of danpb's work-in-progress on adding
>> fine-grained ACLs
>> <zeenix> ah ok
>> <zeenix> eblake_out: we'd like to connect to system libvirt as well by
>> default in boxes
>> <zeenix> but would be nice to avoid the polkit dialog until we really
>> need full-access
>
> Really the concept of separate read-only vs read-write connections is
> completely flawed. In a world where you have proper access control on
> individual APIs, you'd just have a single connection you let anyone
> connect to, and then do the  checks at API call time which would trigger
> auth as required

Sounds reasonable. For the moment, I'll try to simulate the "upgrade"
in Boxes that from an end-user's perspective will work the same way as
you described above.

-- 
Regards,

Zeeshan Ali (Khattak)
FSF member#5124

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list


[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]