[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [Qemu-devel] [PATCH v2 3/3] raw-posix: Re-open host CD-ROM after media change



On 04/04/2011 05:47 AM, Daniel P. Berrange wrote:
I'm hoping libvirt's behavior can be made to just work rather than
adding new features to QEMU.  But perhaps passing file descriptors is
useful for more than just reopening host devices.  This would
basically be a privilege separation model where the QEMU process isn't
able to open files itself but can request libvirt to open them on its
behalf.
It is rather frickin' annoying the way udev resets the ownership
when the media merely changes. If it isn't possible to stop udev
doing this, then i think the only practical thing is to use ACLs
instead of user/group ownership. We wanted to switch to ACLs in
libvirt for other reasons already, but it isn't quite as simple
as it sounds[1] so we've not done it just yet.

Isn't the root of the problem that you're not running a guest in the expected security context?

How much of a leap would it be to spawn a guest with the credentials of the user that created/defined it? Or better yet, to let the user be specified in the XML.

Regards,

Anthony Liguori

Daniel

[1] Mostly due to handling upgrades from existing libvirtd while
     VMs are running, and coping with filesystems which don't
     support ACLs (or have them turned of by mount options)


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]