[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH] Avoid high privileges taint warning for QEMU session driver



On 06/23/2011 08:05 AM, Daniel P. Berrange wrote:
> The code emitting taint warnings was mistakenly thinking
> that guests run from the QEMU session driver were tainted
> for having high privileges. This is of course nonsense
> since the session driver is always unprivileged
> 
> * src/qemu/qemu_domain.c: Don't warn for high privileges in
>   non-privileged QEMU
> ---
>  src/qemu/qemu_domain.c |    7 ++++---
>  1 files changed, 4 insertions(+), 3 deletions(-)
> 
> diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
> index fab316f..3af1c86 100644
> --- a/src/qemu/qemu_domain.c
> +++ b/src/qemu/qemu_domain.c
> @@ -788,9 +788,10 @@ void qemuDomainObjCheckTaint(struct qemud_driver *driver,
>  {
>      int i;
>  
> -    if (!driver->clearEmulatorCapabilities ||
> -        driver->user == 0 ||
> -        driver->group == 0)
> +    if (driver->privileged &&
> +        (!driver->clearEmulatorCapabilities ||
> +         driver->user == 0 ||
> +         driver->group == 0))

ACK.  I guess even root can give up privileges, which it does in the
session driver.

-- 
Eric Blake   eblake redhat com    +1-801-349-2682
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]