[libvirt] libguestfs integration: rich disk access for libvirt applications
Eric Blake
eblake at redhat.com
Wed Sep 28 18:00:49 UTC 2011
On 09/28/2011 11:52 AM, Richard W.M. Jones wrote:
>> We do have a historical syntax from Xen paravirt which lets us call out
>> to a helper at boot time, namely the "<bootloader>" element. With Xen
>> this is typically something like pygrub, or pxegrub, which does some
>> work and writes out a kernel+initrd into temporary files, and prints
>> the file paths + any kernel args on stdout.
>>
>> We could just wire up this concept in KVM too without any real trouble,
>> and then we could have guestfs-bootloader script to do the magic setup
>
> I'm fine with this.
>
> Are there security implications to allowing users to add <bootloader>
> clauses pointing at random scripts that get run on remote machines as
> different users?
No more so than the fact that we let random clients specify <disk>
devices to random devices on remote machines. Right now, granting
non-read-only connection rights to a user effectively gives them root
access to the machine. There are eventual plans to further restrict
things via per-command ACLs, and this should be considered during those
plans, but until then, I don't see it as any larger a hole than anything
else already present in libvirt design.
--
Eric Blake eblake at redhat.com +1-801-349-2682
Libvirt virtualization library http://libvirt.org
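
An added example, not part of the original message or of libvirt: a host-side audit that flags domain definitions whose <bootloader> helper or block <disk> source falls outside an allowlist, the two exposures compared in the reply above. The allowlist values and the sample XML are constructed assumptions.

```python
import os
import xml.etree.ElementTree as ET

# Assumed site policy (hypothetical values, not taken from the thread).
ALLOWED_BOOTLOADERS = {"/usr/bin/pygrub"}
ALLOWED_DISK_PREFIXES = ("/dev/vg_guests/",)

# Constructed sample domain definitions, in the shape of `virsh dumpxml` output.
SAMPLE_OK = """<domain type='xen'>
  <name>guest-ok</name>
  <bootloader>/usr/bin/pygrub</bootloader>
  <devices>
    <disk type='block'><source dev='/dev/vg_guests/guest-ok'/></disk>
  </devices>
</domain>"""

SAMPLE_BAD = """<domain type='kvm'>
  <name>guest-bad</name>
  <bootloader>/home/alice/helper.sh</bootloader>
  <devices>
    <disk type='block'><source dev='/dev/sda'/></disk>
    <disk type='file'><source file='/var/lib/libvirt/images/a.img'/></disk>
  </devices>
</domain>"""


def audit_domain(xml_text):
    """Return a list of (kind, value) findings for one domain definition."""
    root = ET.fromstring(xml_text)
    findings = []
    # <bootloader> names a host-side helper that runs before the guest boots.
    helper = (root.findtext("bootloader") or "").strip()
    if helper and helper not in ALLOWED_BOOTLOADERS:
        findings.append(("bootloader", helper))
    # Block-backed disks hand a host device node to the guest.
    for disk in root.findall("./devices/disk[@type='block']"):
        src = disk.find("source")
        raw = src.get("dev") if src is not None else None
        # normpath collapses "..", but symlinks are not resolved here.
        dev = os.path.normpath(raw) if raw else ""
        if not dev.startswith(ALLOWED_DISK_PREFIXES):
            findings.append(("block-disk", dev))
    return findings


if __name__ == "__main__":
    for sample in (SAMPLE_OK, SAMPLE_BAD):
        print(audit_domain(sample))
```
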