[libvirt] [PATCH v1 05/21] virfile: Introduce ACL helpers
Michal Privoznik
mprivozn at redhat.com
Mon Dec 5 13:56:12 UTC 2016
On 05.12.2016 13:36, Daniel P. Berrange wrote:
> On Thu, Nov 24, 2016 at 03:47:54PM +0100, Michal Privoznik wrote:
>> Namely, virFileGetACLs, virFileSetACLs, virFileFreeACLs and
>> virFileCopyACLs. These functions are going to be required when we
>> are creating /dev for qemu. We have to copy anything that's in
>> host's /dev exactly as is. Including ACLs.
>
> Do we really ?
>
> IIUC, udev uses ACLs on /dev in order to grant end users in the desktop
> session permission on certain device nodes, without chowning the whole
> device.
>
> The device nodes in our private /dev only need to be accessible to the
> QEMU process we're about to run.
>
> So neither existing ownership, group, permissions, nor ACLs matter at
> all. Our security driver code will chown/grp the device to grant
> QEMU access and that's all that's needed AFAICT.
>
> What am I missing that requires us to preserve ACLs ?

Admins may set ACLs on, say, /dev/sdb to grant access to some users and
then use relabel='no' in domain XMLs so that libvirt doesn't mess it up.
If we want to honour the no-relabel flag we must create the device exactly
as is.

Michal