[libvirt] PATCH: Remove all getuid==0 checks from code
Serge E. Hallyn
serue at us.ibm.com
Tue Jun 2 13:29:47 UTC 2009
Quoting Daniel P. Berrange (berrange at redhat.com):
> This patch is preparing the way for future work on allowing the libvirtd
> daemon to run as a less-privileged user ID. The idea is that we will
> switch from 'root' to 'libvirtd', but use Linux capabilities to keep the
> handful of higher privileges we need for our work. Thus any code which
> does a check of 'getuid() == 0' is guaranteed to break [1].
>
> The way this patch approaches this problem, is to change the driver
> initialization function virStateInitialize() to have it be passed in a
> 'int privileged' flag from the libvirtd daemon. Each driver is updated
> to record this flag, and use it for checks where needed. The only real
> exception is the Xen driver, where we simply check access(2) against
> the file we need to open.
Hi Daniel,
just a few questions:
...
> diff -r 5e3b5d1f91c2 qemud/qemud.c
...
> @@ -2871,7 +2870,7 @@ int main(int argc, char **argv) {
> sigaction(SIGPIPE, &sig_action, NULL);
>
> /* Ensure the rundir exists (on tmpfs on some systems) */
> - if (geteuid () == 0) {
> + if (getuid() == 0) {
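Review bot: this hunk swaps geteuid() == 0 for getuid() == 0, which is the very check the cover text says is guaranteed to break once the daemon runs as 'libvirtd' with retained capabilities, and it also changes the semantics from effective to real UID, so a daemon started via setuid would now take the non-root branch for the rundir creation. Suggest computing the daemon's `privileged` value once here, the same flag the daemon passes down to virStateInitialize(), and writing `if (privileged) {` instead of reintroducing a uid test; if the real/effective change is intentional, it needs a sentence in the commit message.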
Why this change?
...
> diff -r 5e3b5d1f91c2 src/qemu_driver.c
> --- a/src/qemu_driver.c Thu May 21 16:21:20 2009 +0100
> +++ b/src/qemu_driver.c Thu May 21 16:27:16 2009 +0100
> @@ -130,24 +130,26 @@ static struct qemud_driver *qemu_driver
>
>
> static int
> -qemudLogFD(virConnectPtr conn, const char* logDir, const char* name)
> +qemudLogFD(virConnectPtr conn, struct qemud_driver *driver, const char* name)
> {
> char logfile[PATH_MAX];
> mode_t logmode;
> - uid_t uid = geteuid();
> int ret, fd = -1;
>
> - if ((ret = snprintf(logfile, sizeof(logfile), "%s/%s.log", logDir, name))
> + if ((ret = snprintf(logfile, sizeof(logfile), "%s/%s.log",
> + driver->logDir, name))
> < 0 || ret >= sizeof(logfile)) {
> virReportOOMError(conn);
> return -1;
> }
>
> logmode = O_CREAT | O_WRONLY;
> - if (uid != 0)
> + /* Only logrotate files in /var/log, so only append if running privileged */
> + if (driver->privileged)
> + logmode |= O_APPEND;
> + else
> logmode |= O_TRUNC;
> - else
> - logmode |= O_APPEND;
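Review bot: the unprivileged branch still opens the per-domain log with O_TRUNC, so every (re)start of a non-privileged driver discards the previous run's log, which is exactly the record an operator needs after a guest crash or a suspected compromise; the privileged branch relies on logrotate for /var/log, but nothing rotates an unprivileged logDir either way. Suggest using O_APPEND in both branches and leaving rotation of the unprivileged directory to the user's own logrotate configuration, or at least documenting the truncation. The new comment explaining the O_APPEND/O_TRUNC choice is a good addition and should stay.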
Hmm, so if I run as an unpriv user my logfiles will always be truncated?
thanks,
-serge
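The privileged-flag design Daniel describes above, as an added example that is not libvirt code: the daemon derives a single `privileged` value at startup from its effective capability set (the `CapEff:` line the kernel exposes in /proc/self/status) rather than from getuid() == 0, and the driver consumes that flag to choose the log-file open mode the way the quoted qemudLogFD hunk does. The function names, the constructed status excerpt, and the choice of CAP_SYS_ADMIN plus CAP_DAC_OVERRIDE as the capabilities that count as "privileged" are assumptions made for this example; the capability bit numbers themselves are those of linux/capability.h.

```c
/* Added example, not libvirt code: derive a 'privileged' flag once from
 * the effective capability set instead of testing getuid() == 0, and let
 * a driver consume that flag (as the quoted patch does with
 * driver->privileged) when picking the log-file open mode.
 * Which capabilities count as "privileged" is an assumption of this
 * example, not something the libvirt patch defines.
 */
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Bit numbers as defined in linux/capability.h */
#define CAP_DAC_OVERRIDE 1
#define CAP_NET_ADMIN    12
#define CAP_SYS_ADMIN    21

/* Constructed /proc/self/status excerpt for a daemon running as uid 999
 * that retained CAP_DAC_OVERRIDE (bit 1) and CAP_SYS_ADMIN (bit 21),
 * i.e. an effective mask of 0x200002. */
static const char SAMPLE_STATUS[] =
    "Name:\tlibvirtd\n"
    "Uid:\t999\t999\t999\t999\n"
    "CapInh:\t0000000000000000\n"
    "CapPrm:\t0000000000200002\n"
    "CapEff:\t0000000000200002\n";

/* Extract the CapEff bitmask from status text; 0 if the line is absent. */
uint64_t parse_cap_eff(const char *status_text)
{
    const char *p = status_text;
    while (p && *p) {
        if (strncmp(p, "CapEff:", 7) == 0) {
            p += 7;
            while (*p == ' ' || *p == '\t')
                p++;
            return (uint64_t)strtoull(p, NULL, 16);
        }
        p = strchr(p, '\n');   /* advance to the next line */
        if (p)
            p++;
    }
    return 0;
}

/* 1 if capability bit 'cap' is set in the effective mask, else 0. */
int has_cap(uint64_t cap_eff, int cap)
{
    return ((cap_eff >> cap) & 1ULL) ? 1 : 0;
}

/* Privileged if the effective uid is 0 (legacy root), or if every
 * capability this example assumes the daemon needs is in the effective set.
 * A plain getuid() == 0 test would return 0 for the uid-999 daemon above
 * even though it still holds CAP_SYS_ADMIN. */
int compute_privileged(uid_t euid, uint64_t cap_eff)
{
    if (euid == 0)
        return 1;
    return has_cap(cap_eff, CAP_SYS_ADMIN) && has_cap(cap_eff, CAP_DAC_OVERRIDE);
}

/* Mirror of the quoted qemudLogFD decision: append when privileged
 * (logrotate handles /var/log), truncate otherwise. */
int log_open_flags(int privileged)
{
    int flags = O_CREAT | O_WRONLY;
    return flags | (privileged ? O_APPEND : O_TRUNC);
}

/* Read the live /proc/self/status; treat it as "no capabilities" when the
 * file is unavailable (non-Linux hosts). */
static uint64_t live_cap_eff(void)
{
    char buf[4096];
    size_t n;
    FILE *f = fopen("/proc/self/status", "r");
    if (!f)
        return 0;
    n = fread(buf, 1, sizeof(buf) - 1, f);
    fclose(f);
    buf[n] = '\0';
    return parse_cap_eff(buf);
}

int main(void)
{
    uint64_t sample = parse_cap_eff(SAMPLE_STATUS);
    int priv = compute_privileged(geteuid(), live_cap_eff());
    printf("sample status -> CapEff 0x%llx, privileged=%d\n",
           (unsigned long long)sample, compute_privileged(999, sample));
    printf("this process  -> privileged=%d, log mode %s\n", priv,
           (log_open_flags(priv) & O_APPEND) ? "O_APPEND" : "O_TRUNC");
    return 0;
}
```

Run as an ordinary user the second line reports privileged=0 and O_TRUNC; the first line shows that the constructed uid-999 daemon with retained capabilities is still classed as privileged, which is the case the getuid() == 0 test gets wrong.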