[libvirt] Using unix domain sockets with serial devices
Daniel P. Berrange
berrange at redhat.com
Wed Jul 10 08:25:42 UTC 2013
On Tue, Jul 09, 2013 at 10:12:59PM -0400, Chris Lalancette wrote:
> Hello,
> The Oz automated install program (http://github.com/clalancette/oz)
> uses a serial device inside a guest to communicate the guest IP address to
> a listener on the host; once the host has the IP address, other
> customization steps can take place.
> This serial device in the guest is currently backed by a TCP socket on
> the host. I use the following libvirt XML snippet to set this up:
>
> <serial type="tcp">
>   <source mode="bind" host="127.0.0.1" service="9412"/>
>   <protocol type="raw"/>
>   <target port="1"/>
> </serial>
>
> DanB points out that this is probably insecure, and we should use named
> pipes or Unix domain sockets instead. I was able to implement Unix domain
> sockets with a few minor changes to Oz, but I'm running into a permissions
> problem.
> Essentially, the problem is that when you run Oz as a regular, non-root
> user, there is no convenient place on the filesystem where both the qemu
> user can read and write the socket, and where the user that is running Oz
> can read the socket. I've tried using /var/lib/libvirt/qemu/*.port, but
> that directory is 0650, so the regular user has no permission to it.
> Similarly, the qemu user may not have permission to read the users home
> directory, so I can't really put it there either.
> Does anyone have any ideas of what I might do here? I'm open to
> changing to any of Unix domain sockets, pipes, UDP sockets, or whatever,
> but it has to work for both root and non-root users.
The fact that a non-root user can't connect to any of those resources
is in fact a security feature. Otherwise it'd be just as bad as using
the localhost TCP socket.
If Oz is running non-root, why isn't it using qemu:///session so that
the VMs run as non-root too? Then you don't have this privilege
separation problem to hack around.
If you really must run it as root, then instead of opening the device
directly, you could use the new virDomainOpenChannel() API to open a
virStreamPtr connected to the serial device for doing I/O through.
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
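Added example, not code from Oz or from libvirt: the two remedies in the reply, in libvirt-python. First, the device XML for a unix-socket-backed serial device, which becomes workable once the guest runs under qemu:///session, because qemu then runs as the same user as Oz and the socket can sit in a directory only that user can reach. Second, reading the guest's report through libvirtd with virDomain.openChannel() (the Python binding of virDomainOpenChannel()), so the client never needs filesystem access to the socket at all and libvirtd enforces access on the connection instead. openChannel() addresses <channel> devices by target name, so that path assumes the guest device is defined as a virtio channel; for a <serial> device the equivalent call is openConsole(). The channel name org.example.oz, the domain name oz-install, the socket path, and the guest line format IP=<address> are assumptions made for the example.

```python
# Added example (not Oz or libvirt project code). Assumed: the guest writes a
# line "IP=<address>\n" on its channel, the channel target name is
# "org.example.oz", and the domain is called "oz-install".
import ipaddress
import xml.etree.ElementTree as ET


def unix_serial_xml(sock_path, port=1):
    """Serial device backed by a unix socket that libvirt binds on the host.

    Under qemu:///session qemu runs as the calling user, so sock_path can be
    a user-private directory: no 0650 /var/lib/libvirt/qemu problem and no
    localhost TCP port that any local user could connect to.
    """
    serial = ET.Element("serial", type="unix")
    ET.SubElement(serial, "source", mode="bind", path=sock_path)
    ET.SubElement(serial, "protocol", type="raw")
    ET.SubElement(serial, "target", port=str(port))
    return ET.tostring(serial, encoding="unicode")


def channel_xml(name):
    """virtio channel with a target name so openChannel() can select it.

    No <source path> is given: libvirt picks a private socket path that only
    libvirtd needs to reach.
    """
    ch = ET.Element("channel", type="unix")
    ET.SubElement(ch, "target", type="virtio", name=name)
    return ET.tostring(ch, encoding="unicode")


def parse_ip_report(buf):
    """Find the first complete 'IP=<addr>' line in the bytes read so far.

    Returns (address, remaining_bytes), or (None, buf) if no full line has
    arrived yet. The guest is untrusted input: lines that are not a valid
    IPv4/IPv6 address are skipped rather than handed to the host side.
    """
    while b"\n" in buf:
        line, _, buf = buf.partition(b"\n")
        line = line.strip()
        if not line.startswith(b"IP="):
            continue
        try:
            addr = ipaddress.ip_address(line[3:].decode("ascii"))
        except (UnicodeDecodeError, ValueError):
            continue
        return str(addr), buf
    return None, buf


def read_guest_ip(dom, channel_name="org.example.oz", max_bytes=4096):
    """Open the guest channel via libvirtd and read until an IP line arrives.

    dom is a libvirt.virDomain from a qemu:///session (or any) connection.
    libvirtd owns the socket, so the caller needs no filesystem access to it.
    """
    import libvirt  # imported here so the XML/parsing helpers run without it

    stream = dom.connect().newStream(0)
    # FORCE takes the channel over from any other client that holds it open.
    dom.openChannel(channel_name, stream, libvirt.VIR_DOMAIN_CHANNEL_FORCE)
    buf = b""
    try:
        while len(buf) < max_bytes:
            chunk = stream.recv(1024)
            if not isinstance(chunk, bytes) or not chunk:  # EOF or error code
                break
            buf += chunk
            addr, buf = parse_ip_report(buf)
            if addr is not None:
                return addr
    finally:
        stream.abort()  # the channel stays open indefinitely, so abort, not finish
    return None


if __name__ == "__main__":
    import libvirt

    conn = libvirt.open("qemu:///session")  # guest runs as the Oz user
    dom = conn.lookupByName("oz-install")    # assumed domain name
    print(read_guest_ip(dom))
```

The cap on max_bytes matters in practice: a guest that never sends a valid line would otherwise keep the host reading forever, and a misbehaving guest can write whatever it likes on that channel, which is why the address is validated before use rather than trusted as a string.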