[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH] security: dac: relabel spice rendernode



On Mon, Jul 17, 2017 at 12:31:50PM -0400, Cole Robinson wrote:
> For a logged in user this a path like /dev/dri/renderD128 will have
> default ownership root:video which won't work for the qemu:qemu user,
> so we need to chown it.
> 
> Thankfully with the namespace work we don't need to worry about this
> shutting out other legitimate users

We support turning off namespaces, in which case this will harm other
users. So at very least we need to make this conditional on namespaces
being enabled.


Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]