[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [virt-tools-list] virt-what and security?



On Wed, Jul 06, 2011 at 10:33:18AM +0100, Daniel P. Berrange wrote:
> On Wed, Jul 06, 2011 at 10:15:10AM +0100, Richard W.M. Jones wrote:
> > On Tue, Jul 05, 2011 at 10:06:01PM -0700, Stephen Hemminger wrote:
> > [...]
> > > Why can lscpu find the same information without being root?
> > > Most of the checks (cpuid, file locations etc) can be found out
> > > by non-root. Only dmidecode seems to require trust, aren't there
> > > enough ways to find out without using dmidecode?
> > 
> > Yes, we can probably make virt-what run as non-root, although some
> > tests (the ones relying on dmidecode) will have to be disabled.
> 
> On more recent kernels, some of the DMI information is also available
> unprivileged under /sys/devices/virtual/dmi/, so you may only need to
> run the dmidecode binary on older guests

Thanks Stephen, Daniel.

I am tracking this issue in the following bug:

https://bugzilla.redhat.com/show_bug.cgi?id=719611

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
virt-p2v converts physical machines to virtual machines.  Boot with a
live CD or over the network (PXE) and turn machines into Xen guests.
http://et.redhat.com/~rjones/virt-p2v


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]