[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] Using unix domain sockets with serial devices



On Tue, Jul 09, 2013 at 10:12:59PM -0400, Chris Lalancette wrote:
> Hello,
>      The Oz automated install program (http://github.com/clalancette/oz)
> uses a serial device inside a guest to communicate the guest IP address to
> a listener on the host; once the host has the IP address, other
> customization steps can take place.
>      This serial device in the guest is currently backed by a TCP socket on
> the host.  I use the following libvirt XML snippet to set this up:
> 
> <serial type="tcp">
>   <source mode="bind" host="127.0.0.1" service="9412"/>
>   <protocol type="raw"/>
>   <target port="1"/>
> </serial>
> 
> DanB points out that this is probably insecure, and we should use named
> pipes or Unix domain sockets instead.  I was able to implement Unix domain
> sockets with a few minor changes to Oz, but I'm running into a permissions
> problem.
>     Essentially, the problem is that when you run Oz as a regular, non-root
> user, there is no convenient place on the filesystem where both the qemu
> user can read and write the socket, and where the user that is running Oz
> can read the socket.  I've tried using /var/lib/libvirt/qemu/*.port, but
> that directory is 0650, so the regular user has no permission to it.
> Similarly, the qemu user may not have permission to read the users home
> directory, so I can't really put it there either.
>     Does anyone have any ideas of what I might do here?  I'm open to
> changing to any of Unix domain sockets, pipes, UDP sockets, or whatever,
> but it has to work for both root and non-root users.

The fact that a non-root user can't connect to any of those resources
is in fact a security feature. Otherwise it'd be just as bad as using
the localhost TCP socket.

If Oz is running non-root, why isn't it using qemu:///session so that
the VMs run as non-root too, then you don't have this privilege
separation problem to hack around ?

If you really must run it as root, then instead of opening the device
directly, you could use the new  virDomainOpenChannel() API to open a
virStreamPtr connected to the serial device for doing I/O through.

Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]