[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH 0/4] net-bridge: rootless bridge support for qem

From: Anthony Liguori
Subject: Re: [Qemu-devel] [PATCH 0/4] net-bridge: rootless bridge support for qemu
Date: Thu, 05 Nov 2009 08:50:32 -0600
User-agent: Thunderbird (X11/20090825)

Avi Kivity wrote:
On 11/05/2009 04:33 PM, Avi Kivity wrote:
and concerned that we're loosening security for qemu non-users.

I see you've addressed this via an acl system. Still, this is IMO should be outside qemu, esp. as security is now much more than users/groups (i.e. selinux and friends).

Actually, I think this model is pretty close to what the latest crazes are in the security world. The model you're advocating (privileged process handing over a fd) is not as secure because it requires that the management daemon runs as a privileged user. There's nothing about this that prevents the use of a management framework. In fact, had this existed when libvirt was first written, I'd hope libvirt would have used this mechanism instead of fd inheritance.

Management software is really just another user. We really want management software to run unprivileged as much as possible.


Anthony Liguori

reply via email to

[Prev in Thread] Current Thread [Next in Thread]