[Libguestfs] [PATCH for discussion only] lib: libvirt: If root, run qemu subprocess as root.root.
Richard W.M. Jones
rjones at redhat.com
Mon May 21 17:22:06 UTC 2018
libvirt doesn't have a concept of "session qemu" for root:
https://bugzilla.redhat.com/show_bug.cgi?id=890291
When a libguestfs-using process runs as root, and libvirt runs a qemu
subprocess, the qemu subprocess is run as a non-root user (typically
qemu.qemu). This causes various problems, for example if we try to
open a file which is readable by root but unreadable by qemu.qemu then
the operation will fail.
This can be changed globally via a configuration file, but it can also
be changed by using a <seclabel/> clause in the XML (although I think
that's not the only effect):
<seclabel type="static" model="dac" relabel="no">
<label>0:0</label>
</seclabel>
This patch makes that change.
I notice that after this change, qemu is indeed running as root.
However the file being examined still gets relabelled by SELinux (to
virt_content_t IIRC). Maybe this relabelling is in fact desirable.
Also as you can see from the patch there are cases where we use
another <seclabel model='selinux'/> element to set labels to a known
value. It's not clear if we can include both <seclabel/> elements.
The patch as shown overrides the selinux seclabel if running as root.
Rich.
More information about the Libguestfs
mailing list