[libvirt] [PATCH] Avoid high privileges taint warning for QEMU session driver
Eric Blake
eblake at redhat.com
Thu Jun 23 14:37:47 UTC 2011
On 06/23/2011 08:05 AM, Daniel P. Berrange wrote:
> The code emitting taint warnings was mistakenly thinking
> that guests run from the QEMU session driver were tainted
> for having high privileges. This is of course nonsense
> since the session driver is always unprivileged
>
> * src/qemu/qemu_domain.c: Don't warn for high privileges in
> non-privileged QEMU
> ---
> src/qemu/qemu_domain.c | 7 ++++---
> 1 files changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
> index fab316f..3af1c86 100644
> --- a/src/qemu/qemu_domain.c
> +++ b/src/qemu/qemu_domain.c
> @@ -788,9 +788,10 @@ void qemuDomainObjCheckTaint(struct qemud_driver *driver,
> {
> int i;
>
> - if (!driver->clearEmulatorCapabilities ||
> - driver->user == 0 ||
> - driver->group == 0)
> + if (driver->privileged &&
> + (!driver->clearEmulatorCapabilities ||
> + driver->user == 0 ||
> + driver->group == 0))
ACK. I guess even root can give up privileges, which it does in the
session driver.
--
Eric Blake eblake at redhat.com +1-801-349-2682
Libvirt virtualization library http://libvirt.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 619 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20110623/e6821f8f/attachment-0001.sig>
More information about the libvir-list
mailing list