[libvirt] [Qemu-devel] [PATCH v2 3/3] raw-posix: Re-open host CD-ROM after media change
Anthony Liguori
aliguori at us.ibm.com
Mon Apr 4 13:02:26 UTC 2011
On 04/04/2011 05:47 AM, Daniel P. Berrange wrote:
>> I'm hoping libvirt's behavior can be made to just work rather than
>> adding new features to QEMU. But perhaps passing file descriptors is
>> useful for more than just reopening host devices. This would
>> basically be a privilege separation model where the QEMU process isn't
>> able to open files itself but can request libvirt to open them on its
>> behalf.
> It is rather frickin' annoying the way udev resets the ownership
> when the media merely changes. If it isn't possible to stop udev
> doing this, then i think the only practical thing is to use ACLs
> instead of user/group ownership. We wanted to switch to ACLs in
> libvirt for other reasons already, but it isn't quite as simple
> as it sounds[1] so we've not done it just yet.
Isn't the root of the problem that you're not running a guest in the
expected security context?
How much of a leap would it be to spawn a guest with the credentials of
the user that created/defined it? Or better yet, to let the user be
specified in the XML.
Regards,
Anthony Liguori
> Daniel
>
> [1] Mostly due to handling upgrades from existing libvirtd while
> VMs are running, and coping with filesystems which don't
> support ACLs (or have them turned of by mount options)
More information about the libvir-list
mailing list