|
From: | Anthony Liguori |
Subject: | Re: [libvirt] [Qemu-devel] [PATCH v2 3/3] raw-posix: Re-open host CD-ROM after media change |
Date: | Mon, 04 Apr 2011 09:19:36 -0500 |
User-agent: | Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.14) Gecko/20110223 Lightning/1.0b2 Thunderbird/3.1.8 |
On 04/04/2011 08:16 AM, Daniel P. Berrange wrote:
That doesn't really have any impact. If a desktop user is logged in, udev may change the ownership to match that user, but if they aren't, then udev may reset it to root:disk. Either way, QEMU may loose permissions to the disk.
Then if you create a guest without being in the 'disk' group, it'll fail. That's pretty expected AFAICT.
But with libvirt today, when you launch a guest, your security context doesn't matter and there's no way you can control what context the guest gets. libvirt is essentially creating it's own authorization mechanism. Supporting ACLs goes much further down that path.
How much of a leap would it be to spawn a guest with the credentials of the user that created/defined it? Or better yet, to let the user be specified in the XML.That's a completely independent RFE which won't fix this issue in the general case.
I think it really does. Regards, Anthony Liguori
Regards, Daniel
[Prev in Thread] | Current Thread | [Next in Thread] |