On Tue, Jan 20, 2009 at 11:13:38AM -0800, john.le...@sun.com wrote:
# HG changeset patch
# User john.le...@sun.com
# Date 1232478815 28800
# Node ID 9c7ef175f3a797ecc3ffa6b1fed5a27d1814838c
# Parent ce76623e857f5bb2cf3af8414335f891fd7902b7
Solaris least privilege support
On Solaris dom0,
On Mon, Jan 19, 2009 at 10:05:03PM +, John Levon wrote:
On Mon, Jan 19, 2009 at 04:32:44PM +0100, Daniel Veillard wrote:
that this code would fail except in the first time the daemon is
launched because mkdir /var/run/libvirt will return -1 and errno EEXIST
in all following
# HG changeset patch
# User john.le...@sun.com
# Date 1232478815 28800
# Node ID 9c7ef175f3a797ecc3ffa6b1fed5a27d1814838c
# Parent ce76623e857f5bb2cf3af8414335f891fd7902b7
Solaris least privilege support
On Solaris dom0, virtd runs as a privilege barrier: all libvirt
connections are routed
On Thu, Jan 15, 2009 at 09:19:39AM -0800, john.le...@sun.com wrote:
+#ifdef __sun
+static void
+qemudSetupPrivs (struct qemud_server *server)
+{
+chown (/var/run/libvirt, SYSTEM_UID, SYSTEM_UID);
+chown (server-logDir, SYSTEM_UID, SYSTEM_UID);
+
+if (__init_daemon_priv
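Review bot: the two chown () calls at the top of qemudSetupPrivs discard their return values, so a failure to hand /var/run/libvirt or the log directory to SYSTEM_UID goes unnoticed before the privilege setup that follows. Check both results and log and fail startup on error. Since the function is declared void, it would need to return a status that the caller can act on.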
On Fri, Jan 16, 2009 at 12:59:59PM +, John Levon wrote:
On Fri, Jan 16, 2009 at 08:35:16AM +0100, Daniel Veillard wrote:
The comment and the code don't seem to match, and it seems to me
Oops, will fix the comment.
that this code would fail except in the first time the daemon is
On Mon, Jan 19, 2009 at 04:32:44PM +0100, Daniel Veillard wrote:
that this code would fail except in the first time the daemon is
launched because mkdir /var/run/libvirt will return -1 and errno EEXIST
in all following cases. I'm worried about this,
What do you mean? /var/run is a
On Fri, Jan 16, 2009 at 08:35:16AM +0100, Daniel Veillard wrote:
The comment and the code don't seem to match, and it seems to me
Oops, will fix the comment.
that this code would fail except in the first time the daemon is
launched because mkdir /var/run/libvirt will return -1 and errno
On Thu, Jan 15, 2009 at 09:19:39AM -0800, john.le...@sun.com wrote:
[..snip..]
+/* Change the group ownership of /var/run/libvirt to unix_sock_gid */
+if (geteuid () == 0) {
+const char *rundir = LOCAL_STATE_DIR /run/libvirt;
+
+if (mkdir (rundir, 0755)) {
On Fri, Jan 16, 2009 at 02:03:39PM +0100, Guido Günther wrote:
virFileMakePath?
The implementation of this is insufficient, and unnecessary.
regards
john
--
Libvir-list mailing list
Libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
On Wed, Jan 14, 2009 at 07:32:28PM -0800, john.le...@sun.com wrote:
@@ -638,10 +657,32 @@ static int qemudInitPaths(struct qemud_s
static int qemudInitPaths(struct qemud_server *server,
char *sockname,
char *roSockname,
-
On Thu, Jan 15, 2009 at 10:19:58AM +, Daniel P. Berrange wrote:
+#ifdef __sun
+{
+ucred_t *ucred = NULL;
+const priv_set_t *privs;
+
+if (getpeerucred (fd, ucred) == -1 ||
+(privs = ucred_getprivset (ucred, PRIV_EFFECTIVE)) == NULL) {
+
On Thu, Jan 15, 2009 at 12:57:49PM +, John Levon wrote:
+#ifdef __sun
+/*
+ * On Solaris, all clients are forced to go via virtd. As a result,
+ * virtd must indicate it really does want to connect to the
+ * hypervisor.
+ */
+name = xen:///;
On Thu, Jan 15, 2009 at 03:34:11PM +, Daniel P. Berrange wrote:
The key really thing you need to ensure that all Xen calls
take place inside the daemon, is simply to make sure the Xen
driver always returns VIR_DRV_OPEN_DECLINED for non-daemon
open calls. Everything else should 'just
# HG changeset patch
# User john.le...@sun.com
# Date 1232039546 28800
# Node ID b9d4d60bca87633897cb133461e1415d1223c823
# Parent 25a0c46588d5de1653b16dfed6bc357abf11db77
Solaris least privilege support
On Solaris dom0, virtd runs as a privilege barrier: all libvirt
connections are routed
john.le...@sun.com wrote:
Solaris least privilege support
On Solaris dom0, virtd runs as a privilege barrier: all libvirt
connections are routed through it, and it performs the relevant
privilege checks for any clients.
Hi John,
When reposting a patch, please say a few words about
what
On Thu, Jan 15, 2009 at 08:00:38PM +0100, Jim Meyering wrote:
On Solaris dom0, virtd runs as a privilege barrier: all libvirt
connections are routed through it, and it performs the relevant
privilege checks for any clients.
When reposting a patch, please say a few words about
what
On Thu, Jan 15, 2009 at 09:19:39AM -0800, john.le...@sun.com wrote:
# HG changeset patch
# User john.le...@sun.com
# Date 1232039546 28800
# Node ID b9d4d60bca87633897cb133461e1415d1223c823
# Parent 25a0c46588d5de1653b16dfed6bc357abf11db77
Solaris least privilege support
On Solaris dom0,
# HG changeset patch
# User john.le...@sun.com
# Date 1231990064 28800
# Node ID 629c101c9ec11f3eb5cb56eb9548c96c33c8daf6
# Parent 0f488fb716b1ab0a1379509b8b3594f32f0ea980
Solaris least privilege support
On Solaris dom0, virtd runs as a privilege barrier: all libvirt
connections are routed
18 matches