[libvirt] libvirt chowning my kernel/initrd files

Eric Blake eblake at redhat.com
Wed May 16 17:06:07 UTC 2012


On 05/16/2012 10:30 AM, Seth Jennings wrote:
> libvirt dev team,
> 
> I'm running libvirtd 0.9.8 and I notice that when I provide a kernel
> path for my VM, libvirt chowns the kernel file I provide to root:root.
> 
> I see this was done in 0.7.1
> 
> http://libvirt.org/git/?p=libvirt.git;a=commit;h=c42b39784534930791d1feb3de859d85a7848168
> 
> Why was this done? It seems to me that the kernel and initrd file
> would be completely read-only from the qemu perspective, and qemu
> would only need read access to the files.

When running qemu as qemu:qemu, the kernel file must be owned by qemu
for the duration of the guest running, and then libvirt reverts it back
when the guest exits.  My guess is that libvirt is reverting back to the
wrong permissions, if your file is ending up as root:root at the end of
the day instead of what you wanted.

> 
> For unprivileged users without sudo access, this chowning results in
> kernel files that can not be removed or modified.

We've long desired to add ACLs instead of chown'ing a file, where ACLs
are supported, as then we would just revoke the ACL instead of chown'ing
back (and perhaps back to the wrong owner) when the guest goes away.
There's definitely room for improvement in this area of the code; would
you like to help by contributing patches?

-- 
Eric Blake   eblake at redhat.com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
