On Wed, Mar 07, 2018 at 10:29:32 +0100, Ján Tomko wrote: > All we need is DBus.
Unfortunately, this is wrong. From a compilation/linking POV we really don't need anything more than D-Bus. But we polkit to actually work, we need more. Thus we can end up enabling polkit even though it is not actually installed, which means libvirtd will change default authentication scheme for UNIX sockets to polkit and it will chmod the socket to 777. Luckily, this is not a security issue because all connections will be refused because the daemon will not be able to talk to polkit, but it's still an unpleasant change of defaults. Is there really nothing we could check to detect polkit presence or should we just drop the autodetection (i.e., 'check') capability of --with-polkit since it's mostly useless now? Jirka -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
