[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH 3/3] Run all VMs without capabilities

On Mon, Jun 22, 2009 at 09:05:24PM +0100, Daniel P. Berrange wrote:
> This patch adds a new flag to virExec() called  VIR_EXEC_CLEAR_CAPS.
> If you set this flag than all capabilities are removed inbetween the
> fork() and exec() pair. 
> It also updates QEMU and UML driver to run their VMs without any privileges.
> A mild security benefit for most distros today, but if distros start to
> lock down what the unprivileged root user can do, this benefit increases.
> It also removes all capabilities from the 'ssh' client spawned by the 
> remote client, since that shouldn't need any real privileges to open a
> tunnel.

  IMHO that and the first patch could be applied as is, even if the
  other patches a a bit more subtle, that is simple direct and clear
  we don't need to wait for this.

> +#else
> +static int virClearCapabilities(void)
> +{
> +//    VIR_WARN0("libcap-ng support not compiled in, unable to clear capabilities");

  Hum, to be cleaned up one way or another :-)



Daniel Veillard      | libxml Gnome XML XSLT toolkit  http://xmlsoft.org/
daniel veillard com  | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library  http://libvirt.org/

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]