Recommended volume permissions (being created for vagrant-libvirt via fog-libvirt)
daragh.bailey at gmail.com
Mon May 31 14:42:37 UTC 2021
On Thu, 27 May 2021 at 13:34, Michal Prívozník <mprivozn at redhat.com> wrote:
> Disks can contain various secrets (passwords, certificates, private
> keys, etc.). Historically, libvirt set seclabel on anything that QEMU
> needed access to and then returned it to root:root when QEMU no longer
> needed it, exactly because we could not tell if some sensitive info was
> stored in a file or not.
> With recent enough libvirt (5.6.0 or newer) libvirt remembers the
> original seclabel (owner + SELinux label) and restores them afterwards.
> The mode is untouched though.
Does the typical SELinux label prevent other users on the system from
reading the VM image file even if it has o+r set on it? I'm hazy enough on
SELinux that I don't want to make any invalid assumptions.
> I'd say that if somebody wants a disk to be "shared", e.g. readable by
> other users on the system, they can put a <shareable/> stanza into disk
> XML. But then again - libvirt doesn't change the mode. So I think it's
> up to vagrant to decide.
I think requiring an explicit decision to share is probably the best
approach and better to keep that as part of the requirements before
enabling o+r on the mode. Thanks, that's a very useful suggestion.
"Nothing is foolproof to a sufficiently talented fool"
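Added example (not part of the original message, and not vagrant-libvirt or fog-libvirt code): a Ruby audit of the policy discussed above, where a volume may carry o+r only when its disk element in the domain XML has `<shareable/>`. The sample domain XML, the image file names, the 0600/0644 modes and the function names are assumptions constructed for illustration.

```ruby
require 'rexml/document'

# Constructed sample domain XML (not from the thread): two file-backed disks,
# only the second one carries <shareable/>.
SAMPLE_DOMAIN_XML = <<~XML
  <domain type='kvm'>
    <devices>
      <disk type='file' device='disk'>
        <source file='/var/lib/libvirt/images/box_default.img'/>
        <target dev='vda' bus='virtio'/>
      </disk>
      <disk type='file' device='disk'>
        <source file='/var/lib/libvirt/images/shared_data.img'/>
        <target dev='vdb' bus='virtio'/>
        <shareable/>
      </disk>
    </devices>
  </domain>
XML

PRIVATE_MODE = 0o600 # assumed default: owner read/write only
SHARED_MODE  = 0o644 # assumed shared mode: o+r, only after an explicit <shareable/>

# Map each file-backed disk source path to the widest mode the policy allows.
def allowed_modes(domain_xml)
  doc = REXML::Document.new(domain_xml)
  modes = {}
  REXML::XPath.each(doc, '//devices/disk[@type="file"]') do |disk|
    source = disk.elements['source']
    next unless source && source.attributes['file']
    shared = !disk.elements['shareable'].nil?
    modes[source.attributes['file']] = shared ? SHARED_MODE : PRIVATE_MODE
  end
  modes
end

# Report volumes whose actual mode grants permission bits beyond the policy.
# actual_modes is { path => mode }, e.g. from File.stat(path).mode & 0o777.
def overexposed(domain_xml, actual_modes)
  allowed_modes(domain_xml).filter_map do |path, allowed|
    actual = actual_modes[path]
    next if actual.nil? # volume not present on this host, nothing to check
    extra = actual & ~allowed & 0o777
    format('%s: mode %04o exceeds %04o', path, actual, allowed) unless extra.zero?
  end
end
```
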