Re: [libvirt] [Qemu-devel] [PATCH v2 3/3] raw-posix: Re-open host CD-ROM after media change
On 04/04/2011 05:47 AM, Daniel P. Berrange wrote:
> I'm hoping libvirt's behavior can be made to just work
rather than
> adding new features to QEMU. But perhaps passing file descriptors is
> useful for more than just reopening host devices. This would
> basically be a privilege separation model where the QEMU process isn't
> able to open files itself but can request libvirt to open them on its
> behalf.
It is rather frickin' annoying the way udev resets the ownership
when the media merely changes. If it isn't possible to stop udev
doing this, then i think the only practical thing is to use ACLs
instead of user/group ownership. We wanted to switch to ACLs in
libvirt for other reasons already, but it isn't quite as simple
as it sounds[1] so we've not done it just yet.
Isn't the root of the problem that you're not running a guest in the
expected security context?
How much of a leap would it be to spawn a guest with the credentials of
the user that created/defined it? Or better yet, to let the user be
specified in the XML.
Regards,
Anthony Liguori
Daniel
[1] Mostly due to handling upgrades from existing libvirtd while
VMs are running, and coping with filesystems which don't
support ACLs (or have them turned of by mount options)