[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH 0/12] Improve security driver handling & QEMU DAC management



On Wed, Jan 20, 2010 at 03:14:57PM +0000, Daniel P. Berrange wrote:
> This patch series does some work on te security drivers, and the QEMU code
> for managing DAC permissions on files. 
> 
> The core goal is to turn the QEMU driver DAC file management code into a
> security driver. Instead of QEMU calling into the SELinux/AppArmour drivers
> directly, a stacked driver module is introduced. This delegates all operations
> to first the QEMU DAC driver, and then the main SELinux/AppArmour driver. 
> The end result is that all the permissions management code is removed from 
> the QEMU driver, and we're left with just simple security driver calls.
> 
> In the process of this a number of flaws in the current hotplug  code were
> found, and code was generally tidied up with a view to making it easier to
> manage.
> 
> Finally, we add the ability to turn off the QEMU  DAC file managment code,
> and also deal gracefully with failures to change ownership (eg on NFS with
> root squash, or readonly FS).

Thanks for this series. However, it seems that we still have a problem
when trying to save domain to a root-squashing nfs export.
When using qemu directly, as a user with write permissions to that
export, there is no problem. When using libvirt, libvirt tries to write
its own state to the target file. I would not want to pre-create the
target file as world redable.

How about performing open(path, O_CREAT|O_TRUNC|O_WRONLY,
S_IRUSR|S_IWUSR)) with the euid of the qemu process?

Dan.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]