qemu-devel

Re: [libvirt] [Qemu-devel] [PATCH v2 3/3] raw-posix: Re-open host CD-ROM


From: Anthony Liguori
Subject: Re: [libvirt] [Qemu-devel] [PATCH v2 3/3] raw-posix: Re-open host CD-ROM after media change
Date: Mon, 04 Apr 2011 08:02:26 -0500
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.14) Gecko/20110223 Lightning/1.0b2 Thunderbird/3.1.8

On 04/04/2011 05:47 AM, Daniel P. Berrange wrote:
>> I'm hoping libvirt's behavior can be made to just work rather than
>> adding new features to QEMU.  But perhaps passing file descriptors is
>> useful for more than just reopening host devices.  This would
>> basically be a privilege separation model where the QEMU process isn't
>> able to open files itself but can request libvirt to open them on its
>> behalf.
> It is rather frickin' annoying the way udev resets the ownership
> when the media merely changes. If it isn't possible to stop udev
> doing this, then I think the only practical thing is to use ACLs
> instead of user/group ownership. We wanted to switch to ACLs in
> libvirt for other reasons already, but it isn't quite as simple
> as it sounds[1] so we've not done it just yet.

Isn't the root of the problem that you're not running a guest in the expected security context?

How much of a leap would it be to spawn a guest with the credentials of the user that created/defined it? Or better yet, to let the user be specified in the XML.

Regards,

Anthony Liguori

> Daniel
>
> [1] Mostly due to handling upgrades from existing libvirtd while
>     VMs are running, and coping with filesystems which don't
>     support ACLs (or have them turned off by mount options)



