----- Original Message -----
> From: "Daniel P. Berrange" <berra...@redhat.com>
> To: "Federico Simoncelli" <fsimo...@redhat.com>
> Cc: "Lei Li" <li...@linux.vnet.ibm.com>, "Adam Litke" <a...@us.ibm.com>, "Dan
> Kenigsberg" <dan...@redhat.com>, "Ryan
> Harper" <ry...@linux.vnet.ibm.com>, email@example.com, "Ayal
> Baron" <aba...@redhat.com>
> Sent: Monday, May 28, 2012 4:52:38 PM
> Subject: Re: Move some of code from spec file into vdsm-tool function issue
> On Mon, May 28, 2012 at 10:39:08AM -0400, Federico Simoncelli wrote:
> > ----- Original Message -----
> > > From: "Lei Li" <li...@linux.vnet.ibm.com>
> > > To: firstname.lastname@example.org
> > > Cc: "Adam Litke" <a...@us.ibm.com>, "Dan Kenigsberg"
> > > <dan...@redhat.com>, "Federico Simoncelli"
> > > <fsimo...@redhat.com>,
> > > "Ryan Harper" <ry...@linux.vnet.ibm.com>
> > > Sent: Monday, May 28, 2012 11:18:03 AM
> > > Subject: Move some of code from spec file into vdsm-tool function
> > > issue
> > >
> > > Hi guys,
> > >
> > > Adam point out a problem about my patch moving some of the
> > > post and preun section in vdsm spec file into vdsm-tool, and
> > > I have the same concern.
> > >
> > > After some discussion, I'd like to ask for your suggestion
> > > on the patch as link below.
> > >
> > > http://gerrit.ovirt.org/#patch,sidebyside,4528,3,vdsm.spec.in
> > >
> > > Please let me know your idea, thanks!
Ok, then coming to your specific question, my opinion is:
- vdsm should work out of the box even if libvirt doesn't require a password
(polkit should be enough)
- vdsm-tool should (at some point) update the sasl password with the content
of libvirt_password (if present)
- an admin wanting to secure libvirt will create the libvirt_password file and
will use vdsm-tool to make it effective
- if downstream wants to automate this will drop in a %config libvirt_password
file (or maybe generating it runtime as we do with the certificate?) and
will call vdsm-tool accordingly
> > VDSM is/was adding a password to libvirt to prevent anyone or
> > anything
> > (eg: virt-manager, etc...) from managing the VMs that are
> > controlled by
> > VDSM.
> > In general I don't like this idea for a couple of reasons: it's too
> > much
> > intrusive (making modifications that are not expected) and it's
> > using a
> > standard and known password, which is something debatable for many
> > reasons
> > (even if it's doing well it's job of preventing careless mistakes).
> > I already tried to use polkit upstream (so that the vdsm user can
> > manage
> > libvirt) and it worked pretty well, but it's not preventing other
> > users
> > or other applications from connecting to libvirt and controlling
> > the VMs.
> > Does anyone know if we still need this precaution? Is there any new
> > feature
> > of libvirt that we can easily use to seal the access to our VMs?
> Not yet, but the intention is that the role based access control code
> am working on will allow VDSM to drop in a policy file which says
> read-only access to any user, read-write access to VDSM only. Which
> what you were trying to achieve with this password setting.
vdsm-devel mailing list