[libvirt] [PATCH v1 05/21] virfile: Introduce ACL helpers

Daniel P. Berrange berrange at redhat.com
Mon Dec 5 13:58:17 UTC 2016


On Mon, Dec 05, 2016 at 02:56:12PM +0100, Michal Privoznik wrote:
> On 05.12.2016 13:36, Daniel P. Berrange wrote:
> > On Thu, Nov 24, 2016 at 03:47:54PM +0100, Michal Privoznik wrote:
> >> Namely, virFileGetACLs, virFileSetACLs, virFileFreeACLs and
> >> virFileCopyACLs. These functions are going to be required when we
> >> are creating /dev for qemu. We have copy anything that's in
> >> host's /dev exactly as is. Including ACLs.
> > 
> > Do we really ?
> > 
> > IIUC, udev uses ACLs on /dev in order to grant end users in the desktop
> > session permission on certain device nodes, without chowning the whole
> > device.
> > 
> > The device nodes in our private /dev only need to be accessible to the
> > QEMU process we're about to run.
> > 
> > So neither existing ownership, group, permissions, nor ACLs matter at
> > all. Our security driver code will chown/grp the device to grant
> > QEMU access and that's all that's needed AFAICT.
> > 
> > What am I missing that requires us to preserve ACLs ?
> 
> Admins may set ACLs on say /dev/sdb to grant access to some users and
> then use relabel='no' in domain XMLs so that libvirt doesn't mess it up.
> If we want to honour no-relabel flag we must create the device exactly
> as is.

Ah ha. I totally forgot about the no-relabel case.

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://entangle-photo.org       -o-    http://search.cpan.org/~danberr/ :|
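The thread's point is that the private /dev must reproduce the host node "exactly as is", ACLs included, or relabel='no' stops meaning what the admin intended. The following is an added example, not libvirt's own virFileCopyACLs (which is built on libacl); it assumes Linux and uses glibc's raw getxattr/setxattr on the "system.posix_acl_access" attribute instead, decodes that attribute's wire format so a caller can validate a blob before propagating it, and treats "source has no extended ACL" as "destination must not have one either". The sample blob, the uid 1000 and the /tmp file names are constructed for the demonstration.

```c
/* Added example (not libvirt code): copy a POSIX access ACL between two
 * paths via the raw xattr, and decode the xattr blob. Linux only. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/xattr.h>
#include <unistd.h>

#define ACL_XATTR "system.posix_acl_access"
#define ACL_XATTR_VERSION 2u

/* Wire format (include/uapi/linux/posix_acl_xattr.h): a 32-bit
 * little-endian version header followed by 8-byte entries of
 * {u16 tag, u16 perm, u32 id}. */
enum { ACL_USER_OBJ = 1, ACL_USER = 2, ACL_GROUP_OBJ = 4, ACL_GROUP = 8,
       ACL_MASK = 0x10, ACL_OTHER = 0x20 };

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Number of entries in a blob, or -1 if the blob is malformed. */
int acl_blob_count(const uint8_t *blob, size_t len) {
    if (len < 4 || (len - 4) % 8 != 0 || le32(blob) != ACL_XATTR_VERSION)
        return -1;
    return (int)((len - 4) / 8);
}

/* Permission bits (r=4, w=2, x=1) of the named-user entry for uid,
 * or -1 if the blob has no such entry. */
int acl_blob_user_perm(const uint8_t *blob, size_t len, uint32_t uid) {
    int n = acl_blob_count(blob, len);
    for (int i = 0; i < n; i++) {
        const uint8_t *e = blob + 4 + 8 * i;
        if (le16(e) == ACL_USER && le32(e + 4) == uid)
            return le16(e + 2) & 7;
    }
    return -1;
}

/* Copy src's access ACL onto dst so dst ends up "exactly as is".
 * Returns 0 on success. If src carries no extended ACL (ENODATA) or the
 * filesystem has none (ENOTSUP), any ACL already on dst is removed so the
 * copy does not silently keep a stale, wider grant. Otherwise -errno. */
int copy_access_acl(const char *src, const char *dst) {
    uint8_t buf[4096];
    ssize_t n = getxattr(src, ACL_XATTR, buf, sizeof(buf));
    if (n < 0) {
        if (errno == ENODATA || errno == ENOTSUP) {
            if (removexattr(dst, ACL_XATTR) < 0 &&
                errno != ENODATA && errno != ENOTSUP)
                return -errno;
            return 0;
        }
        return -errno;
    }
    if (acl_blob_count(buf, (size_t)n) < 0)
        return -EINVAL;   /* refuse to propagate a blob we cannot validate */
    if (setxattr(dst, ACL_XATTR, buf, (size_t)n, 0) < 0)
        return -errno;
    return 0;
}

/* Constructed sample: user::rw-, user:1000:rw-, group::r--, mask::rw-, other::--- */
static const uint8_t sample_acl[] = {
    2, 0, 0, 0,                                   /* version 2 header  */
    ACL_USER_OBJ,  0, 6, 0, 0xFF, 0xFF, 0xFF, 0xFF, /* id undefined      */
    ACL_USER,      0, 6, 0, 0xE8, 0x03, 0,    0,    /* uid 1000 (LE)     */
    ACL_GROUP_OBJ, 0, 4, 0, 0xFF, 0xFF, 0xFF, 0xFF,
    ACL_MASK,      0, 6, 0, 0xFF, 0xFF, 0xFF, 0xFF,
    ACL_OTHER,     0, 0, 0, 0xFF, 0xFF, 0xFF, 0xFF,
};
const uint8_t *sample_acl_blob(void) { return sample_acl; }
size_t sample_acl_len(void) { return sizeof(sample_acl); }

/* Demo: two fresh temp files (constructed names), copy ACL from one to the other. */
int demo_copy_tmpfiles(void) {
    char a[] = "/tmp/acl_src_XXXXXX", b[] = "/tmp/acl_dst_XXXXXX";
    int fa = mkstemp(a), fb = mkstemp(b);
    if (fa < 0 || fb < 0) return -errno;
    close(fa); close(fb);
    int rc = copy_access_acl(a, b);
    unlink(a); unlink(b);
    return rc;
}

int main(void) {
    printf("entries in sample ACL: %d, uid 1000 perm bits: %d\n",
           acl_blob_count(sample_acl, sizeof(sample_acl)),
           acl_blob_user_perm(sample_acl, sizeof(sample_acl), 1000));
    printf("copy between temp files: %d\n", demo_copy_tmpfiles());
    return 0;
}
```

The validation step matters for the /dev use case: the copy runs with libvirt's privileges, so rejecting a malformed blob rather than writing it through keeps a bad attribute on a host node from becoming a bad attribute on the node the guest process gets.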