[libvirt] PATCH: Remove all getuid==0 checks from code

Serge E. Hallyn serue at us.ibm.com
Tue Jun 2 13:29:47 UTC 2009


Quoting Daniel P. Berrange (berrange at redhat.com):
> This patch is preparing the way for future work on allowing the libvirtd
> daemon to run as a less-privileged user ID. The idea is that we will 
> switch from 'root' to 'libvirtd', but use Linux capabilities to keep the
> handful of higher privileges we need for our work. Thus any code which
> does a check of 'getuid() == 0' is guaranteed to break [1].
> 
> The way this patch approaches this problem, is to change the driver
> initialization function virStateInitialize() to have it be passed in a
> 'int privileged' flag from the libvirtd daemon. Each driver is updated
> to record this flag, and use it for checks where needed. The only real
> exception is the Xen driver, where we simply check access(2) against
> the file we need to open.

Hi Daniel,

just a few questions:

...

> diff -r 5e3b5d1f91c2 qemud/qemud.c
...
> @@ -2871,7 +2870,7 @@ int main(int argc, char **argv) {
>      sigaction(SIGPIPE, &sig_action, NULL);
> 
>      /* Ensure the rundir exists (on tmpfs on some systems) */
> -    if (geteuid () == 0) {
> +    if (getuid() == 0) {
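Review bot: the commit message says any `getuid() == 0` check is guaranteed to break once the daemon runs as 'libvirtd' with capabilities, yet this hunk replaces `geteuid () == 0` with `getuid() == 0` in main() without saying why. If the intent is that the rundir should only be created in the system location when the daemon was actually started as root (real uid), a comment should state that; otherwise the same `privileged` flag this patch passes into virStateInitialize() is the natural thing to test here, so the rundir decision and the driver initialization agree on what "privileged" means.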

Why this change?

...

> diff -r 5e3b5d1f91c2 src/qemu_driver.c
> --- a/src/qemu_driver.c	Thu May 21 16:21:20 2009 +0100
> +++ b/src/qemu_driver.c	Thu May 21 16:27:16 2009 +0100
> @@ -130,24 +130,26 @@ static struct qemud_driver *qemu_driver 
> 
> 
>  static int
> -qemudLogFD(virConnectPtr conn, const char* logDir, const char* name)
> +qemudLogFD(virConnectPtr conn, struct qemud_driver *driver, const char* name)
>  {
>      char logfile[PATH_MAX];
>      mode_t logmode;
> -    uid_t uid = geteuid();
>      int ret, fd = -1;
> 
> -    if ((ret = snprintf(logfile, sizeof(logfile), "%s/%s.log", logDir, name))
> +    if ((ret = snprintf(logfile, sizeof(logfile), "%s/%s.log",
> +                        driver->logDir, name))
>          < 0 || ret >= sizeof(logfile)) {
>          virReportOOMError(conn);
>          return -1;
>      }
> 
>      logmode = O_CREAT | O_WRONLY;
> -    if (uid != 0)
> +    /* Only logrotate files in /var/log, so only append if running privileged */
> +    if (driver->privileged)
> +        logmode |= O_APPEND;
> +    else
>          logmode |= O_TRUNC;
> -    else
> -        logmode |= O_APPEND;
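Review bot: with the condition inverted, the unprivileged case now always opens the log with `O_TRUNC`, so every start of a domain discards the previous run's log. The old `uid != 0` code had the same effect for non-root, but the new comment gives a different rationale (logrotate only handles files under /var/log) that depends on where `driver->logDir` points, not on `driver->privileged`; an unprivileged daemon whose logDir is rotated by something else gets truncation it does not need, and a privileged daemon with a non-default logDir appends forever. Either key the append/truncate choice on the log directory actually in use, or make the comment say plainly that unprivileged logs are per-start only.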

Hmm, so if I run as unpriv user my logfiles will always be truncated?

thanks,
-serge
