remote: remove some __sun conditionals

The libvirtd daemon has some arbitrary logic to drop privileges, but only on Solaris platforms. This was added during Xen days, when Xen was the only driver running in libvirtd. There's no expectation or testing that this works with the new libxl stack, nor whether dropping privileges breaks any of the secondary drivers. Finally, we'll be splitting drivers out into their own independant daemons, so this won't be applicable to libvirtd in future anyway. The remote driver client meanwhile arbitrarily disables daemon auto-spawn when connecting as non-root, breaking a key feature of libvirt unprivileged connections. Since we've not had any contributions for Solaris since circa 2012 and we don't do any CI testing we should consider this platform unmaintained and thus reasonable to remove this cruft. If someone steps forward to maintain Solaris again, this code would need re-evaluating to come up with something more targetted. There's various __sun conditionals in the Xen driver code, but those are not touched. This is all for the legacy Xen driver, which will be entirely removed at some point in future, so not benefit to hacking out just the Solaris parts. Reviewed-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2025-04-01 20:05:19 +00:00 · 2018-03-23 10:50:59 +00:00 · 2018-03-23 10:50:59 +00:00 · da1ade7a52
commit da1ade7a52
parent 42900ec622
2 changed files with 0 additions and 35 deletions
--- a/src/remote/remote_daemon.c
+++ b/src/remote/remote_daemon.c
@ -675,30 +675,6 @@ daemonVersion(const char *argv0)
    printf("%s (%s) %s\n", argv0, PACKAGE_NAME, PACKAGE_VERSION);
 }

-#ifdef __sun
-static int
-daemonSetupPrivs(void)
-{
-    chown("/var/run/libvirt", SYSTEM_UID, SYSTEM_UID);
-
-    if (__init_daemon_priv(PU_RESETGROUPS | PU_CLEARLIMITSET,
-                           SYSTEM_UID, SYSTEM_UID, PRIV_XVM_CONTROL, NULL)) {
-        VIR_ERROR(_("additional privileges are required"));
-        return -1;
-    }
-
-    if (priv_set(PRIV_OFF, PRIV_ALLSETS, PRIV_FILE_LINK_ANY, PRIV_PROC_INFO,
-                 PRIV_PROC_SESSION, PRIV_PROC_EXEC, PRIV_PROC_FORK, NULL)) {
-        VIR_ERROR(_("failed to set reduced privileges"));
-        return -1;
-    }
-
-    return 0;
-}
-#else
-# define daemonSetupPrivs() 0
-#endif
-

 static void daemonShutdownHandler(virNetDaemonPtr dmn,
                                  siginfo_t *sig ATTRIBUTE_UNUSED,
@ -1336,15 +1312,6 @@ int main(int argc, char **argv) {
        goto cleanup;
    }

-    /* Beyond this point, nothing should rely on using
-     * getuid/geteuid() == 0, for privilege level checks.
-     */
-    VIR_DEBUG("Dropping privileges (if required)");
-    if (daemonSetupPrivs() < 0) {
-        ret = VIR_DAEMON_ERR_PRIVS;
-        goto cleanup;
-    }
-
    daemonInitialize();

    remoteProcs[REMOTE_PROC_AUTH_LIST].needAuth = false;
--- a/src/remote/remote_driver.c
+++ b/src/remote/remote_driver.c
@ -1350,7 +1350,6 @@ remoteConnectOpen(virConnectPtr conn,
     */
    if (!conn->uri) {
        VIR_DEBUG("Auto-probe remote URI");
-#ifndef __sun
        if (geteuid() > 0) {
            VIR_DEBUG("Auto-spawn user daemon instance");
            rflags |= VIR_DRV_OPEN_REMOTE_USER;
@ -1359,7 +1358,6 @@ remoteConnectOpen(virConnectPtr conn,
                 STRNEQ(autostart, "0")))
                rflags |= VIR_DRV_OPEN_REMOTE_AUTOSTART;
        }
-#endif
    }

    ret = doRemoteOpen(conn, priv, auth, conf, rflags);