----- Original Message ----- > From: "Lei Li" <li...@linux.vnet.ibm.com> > To: vdsm-devel@lists.fedorahosted.org > Cc: "Adam Litke" <a...@us.ibm.com>, "Dan Kenigsberg" <dan...@redhat.com>, > "Federico Simoncelli" <fsimo...@redhat.com>, > "Ryan Harper" <ry...@linux.vnet.ibm.com> > Sent: Monday, May 28, 2012 11:18:03 AM > Subject: Move some of code from spec file into vdsm-tool function issue > > Hi guys, > > Adam point out a problem about my patch moving some of the > post and preun section in vdsm spec file into vdsm-tool, and > I have the same concern. > > After some discussion, I'd like to ask for your suggestion > on the patch as link below. > > http://gerrit.ovirt.org/#patch,sidebyside,4528,3,vdsm.spec.in > > Please let me know your idea, thanks!
VDSM is/was adding a password to libvirt to prevent anyone or anything (eg: virt-manager, etc...) from managing the VMs that are controlled by VDSM. In general I don't like this idea for a couple of reasons: it's too much intrusive (making modifications that are not expected) and it's using a standard and known password, which is something debatable for many reasons (even if it's doing well it's job of preventing careless mistakes). I already tried to use polkit upstream (so that the vdsm user can manage libvirt) and it worked pretty well, but it's not preventing other users or other applications from connecting to libvirt and controlling the VMs. Does anyone know if we still need this precaution? Is there any new feature of libvirt that we can easily use to seal the access to our VMs? -- Federico _______________________________________________ vdsm-devel mailing list vdsm-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/vdsm-devel
