[libvirt PATCH] remote: use SocketMode=0600 when polkit is not compiled
Jiri Denemark
jdenemar at redhat.com
Thu Sep 3 08:38:20 UTC 2020
On Wed, Sep 02, 2020 at 18:54:36 +0100, Daniel P. Berrangé wrote:
> The systemd .socket unit files we ship for libvirt daemons use
> SocketMode=0666 on the assumption that libvirt is built with
> polkit which provides access control.
>
> Some people, however, may have explicitly turned off polkit at
> build time and not realize that leaves them insecure unless
> they also change the SocketMode. This addresses that problem
> by making the SocketMode default to 0600 when polkit is
> disabled at compile time.
>
> Note we cannot automatically fix the case where the user
> compiles polkit, but then overrides the libvirtd.conf defaults
> to disable polkit. This is what lead to CVE-2020-15708 in
> Ubuntu 20.10. We can at least improve the inline comments
> in the config file to give a clearer warning though, which
> may have helped avoid the mistaken config.
>
> Signed-off-by: Daniel P. Berrangé <berrange at redhat.com>
> ---
> src/meson.build | 11 ++++++++++
> src/remote/libvirtd.conf.in | 40 ++++++++++++++++++++++++++---------
> src/remote/libvirtd.socket.in | 2 +-
> 3 files changed, 42 insertions(+), 11 deletions(-)
Reviewed-by: Jiri Denemark <jdenemar at redhat.com>
More information about the libvir-list
mailing list