[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [Qemu-block] Raw notes from a small block layer/QAPI/so

From: Kashyap Chamarthy
Subject: Re: [Qemu-devel] [Qemu-block] Raw notes from a small block layer/QAPI/something pre-christmas meeting
Date: Wed, 20 Dec 2017 12:29:30 +0100
User-agent: NeoMutt/20171027

On Wed, Dec 20, 2017 at 10:57:40AM +0000, Daniel P. Berrange wrote:
> On Wed, Dec 20, 2017 at 11:44:36AM +0100, Kashyap Chamarthy wrote:
> > On Mon, Dec 18, 2017 at 11:11:00AM +0100, Markus Armbruster wrote:


> > > Another thought: do we want to give qemu-system-* the necessary
> > > privileges for creating images?  Two cases: running with and without a
> > > guest.
> > 
> > Related: Just curious -- was it an explicit design decision to not give
> > `qemu-system-*` permissions to create disk images?
> Our security model considers QEMU broadly untrustworthy, and so any resources
> it needs to use must either be passed in by libvirt, or have permissions
> explicitly assigned to permit usage by QEMU. QEMU is allowed to create tmp
> files, and create RAM files for memory backing, but in general we don't want
> to have QEMU able to create arbitrary files, only open things that are
> already created.

Ah, true.  Thanks for the reminder about the security architecture.
(Also I realize that libvirt launches QEMU as an unprivileged user,
'qemu', which is part of the defense-in-depth approach, along w/ sVirt
mechanism, etc.)



reply via email to

[Prev in Thread] Current Thread [Next in Thread]