Re: [libvirt] PATCH: Remove all getuid==0 checks from code

Quoting Daniel P. Berrange (berrange(a)redhat.com): > This patch is preparing the way for future work on allowing the libvirtd > daemon to run as a less-privileged user ID. The idea is that we will > switch from 'root' to 'libvirtd', but use Linux capabilties to keep the > handful of higher privileges we need for our work. Thus any code which > does a check of 'getuid() == 0' is guarenteed to break [1]. > > The way this patch approaches this problem, is to change the driver > initialization function virStateInitialize() to have it be passed in a > 'int privileged' flag from the libvirtd daemon. Each driver is updated > to record this flag, and use it for checks where needed. The only real > exception is the Xen driver, where we simply check access(2) against > the file we need to open. Hi Daniel, just a few questions: ... > diff -r 5e3b5d1f91c2 qemud/qemud.c ... > @@ -2871,7 +2870,7 @@ int main(int argc, char **argv) { > sigaction(SIGPIPE, &sig_action, NULL); > > /* Ensure the rundir exists (on tmpfs on some systems) */ > - if (geteuid () == 0) { > + if (getuid() == 0) { Why this change?

> logmode = O_CREAT | O_WRONLY; > - if (uid != 0) > + /* Only logrotate files in /var/log, so only append if running privileged */ > + if (driver->privileged) > + logmode |= O_APPEND; > + else > logmode |= O_TRUNC; > - else > - logmode |= O_APPEND; Hmm, so if I run as unpriv user my logfiles will always be truncated?