[libvirt] [PATCH] qemu: Add a qemu.conf option for clearing capabilities

Eric Blake eblake at redhat.com
Fri May 28 13:16:28 UTC 2010


On 05/27/2010 05:24 PM, Cole Robinson wrote:
> Currently there is no way to opt out of libvirt dropping POSIX
> capabilities for qemu. This at least is a useful debugging tool, but
> is also wanted by users (and distributors):
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=559154
> https://bugzilla.redhat.com/show_bug.cgi?id=573850
> 
> Signed-off-by: Cole Robinson <crobinso at redhat.com>
> ---
>  src/qemu/qemu.conf     |    5 +++++
>  src/qemu/qemu_conf.c   |    5 +++++
>  src/qemu/qemu_conf.h   |    2 +-
>  src/qemu/qemu_driver.c |   11 +++++++++--
>  4 files changed, 20 insertions(+), 3 deletions(-)
> 
> diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
> index 98a1176..b976dcc 100644
> --- a/src/qemu/qemu.conf
> +++ b/src/qemu/qemu.conf
> @@ -178,3 +178,8 @@
>  # QEMU_AUDIO_DRV environment variable when using VNC.
>  #
>  # vnc_allow_host_audio = 0
> +#
> +
> +# If clear_emulator_capabilities is enabled, libvirt will drop all POSIX
> +# capabilities of the QEmu/KVM emulator. This is enabled by default
> +# clear_emulator_capabilities = 1
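Review bot: the new comment block at the end of this hunk documents only the enabled state and never says what `clear_emulator_capabilities = 0` does; add a sentence stating that with 0 the emulator keeps its capabilities, so the trade-off is visible where the option is set. The sentence "This is enabled by default" is also missing its final period, "QEmu" does not match the "QEMU" spelling in the context line above it, and the added `#` followed by an empty line leaves a dangling comment marker after `# vnc_allow_host_audio = 0`, where a single blank line would be enough as a separator.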

s/POSIX/privileged/ - POSIX doesn't say anything about superuser
privileges, so we aren't dropping POSIX capabilities.

Leaving qemu privileged means that a compromised guest can exploit the
privileges and do damage to the hypervisor; is it worth adding
additional comments warning the user about the lack of security inherent
in clearing the option?

ACK with that wording tweak.

-- 
Eric Blake   eblake at redhat.com    +1-801-349-2682
Libvirt virtualization library http://libvirt.org
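
Added example, not part of the original message and not libvirt code: a way to check on a Linux host whether a running emulator process still holds capabilities, by decoding the CapPrm/CapEff masks in /proc/<pid>/status. The sample status text and the process name in it are constructed.

```python
"""Report which Linux capabilities a process retains, from /proc/<pid>/status."""
import sys

# Capability names indexed by bit number (include/uapi/linux/capability.h).
CAP_NAMES = (
    "CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL SETGID SETUID "
    "SETPCAP LINUX_IMMUTABLE NET_BIND_SERVICE NET_BROADCAST NET_ADMIN NET_RAW "
    "IPC_LOCK IPC_OWNER SYS_MODULE SYS_RAWIO SYS_CHROOT SYS_PTRACE SYS_PACCT "
    "SYS_ADMIN SYS_BOOT SYS_NICE SYS_RESOURCE SYS_TIME SYS_TTY_CONFIG MKNOD "
    "LEASE AUDIT_WRITE AUDIT_CONTROL SETFCAP MAC_OVERRIDE MAC_ADMIN SYSLOG "
    "WAKE_ALARM BLOCK_SUSPEND AUDIT_READ PERFMON BPF CHECKPOINT_RESTORE"
).split()

def decode(mask):
    """Turn a capability bitmask into a list of CAP_* names."""
    names = [f"CAP_{n}" for bit, n in enumerate(CAP_NAMES) if mask >> bit & 1]
    unknown = mask >> len(CAP_NAMES)
    if unknown:  # bits newer than this table: report them, never hide them
        names.append(f"unknown:0x{unknown << len(CAP_NAMES):x}")
    return names

def parse_status(text):
    """Extract the Cap* hex masks from the text of /proc/<pid>/status."""
    caps = {}
    for line in text.splitlines():
        key, _, value = line.partition(":")
        if key in ("CapInh", "CapPrm", "CapEff", "CapBnd"):
            caps[key] = int(value.strip(), 16)
    return caps

def retained(text):
    """Capabilities the process can use now (CapEff) or re-raise (CapPrm)."""
    caps = parse_status(text)
    if "CapPrm" not in caps or "CapEff" not in caps:
        raise ValueError("no CapPrm/CapEff lines; not a /proc status file?")
    return decode(caps["CapPrm"] | caps["CapEff"])

# Constructed sample inputs (not captured from a real host).
SAMPLE_DROPPED = ("Name:\tqemu-kvm\nCapInh:\t0000000000000000\n"
                  "CapPrm:\t0000000000000000\nCapEff:\t0000000000000000\n")
SAMPLE_KEPT = ("Name:\tqemu-kvm\nCapInh:\t0000000000000000\n"
               "CapPrm:\t0000000000201000\nCapEff:\t0000000000201000\n")

if __name__ == "__main__":
    # With a PID argument, inspect that process; otherwise use the samples.
    texts = ([open(f"/proc/{sys.argv[1]}/status").read()]
             if len(sys.argv) > 1 else [SAMPLE_DROPPED, SAMPLE_KEPT])
    for t in texts:
        print(retained(t) or "no capabilities retained")
```
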
