
Re: [libvirt] libvirt chowning my kernel/initrd files



On 05/16/2012 10:30 AM, Seth Jennings wrote:
> libvirt dev team,
> 
> I'm running libvirtd 0.9.8 and I notice that when I provide a kernel
> path for my VM, libvirt chowns the kernel file I provide to root:root.
> 
> I see this was done in 0.7.1
> 
> http://libvirt.org/git/?p=libvirt.git;a=commit;h=c42b39784534930791d1feb3de859d85a7848168
> 
> Why was this done? It seems to me that the kernel and initrd file
> would be completely read-only from the qemu perspective, and qemu
> would only need read access to the files.

When running qemu as qemu:qemu, the kernel file must be owned by qemu
for the duration of the guest running, and then libvirt reverts it back
when the guest exits.  My guess is that libvirt is reverting back to the
wrong permissions, if your file is ending up as root:root at the end of
the day instead of what you wanted.

> 
> For unprivileged users without sudo access, this chowning results in
> kernel files that can not be removed or modified.

We've long desired to add ACLs instead of chown'ing a file, where ACLs
are supported, as then we would just revoke the ACL instead of chown'ing
back (and perhaps back to the wrong owner) when the guest goes away.
There's definitely room for improvement in this area of the code; would
you like to help by contributing patches?

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
