Re: [libvirt] [PATCH v1 05/21] virfile: Introduce ACL helpers
On 05.12.2016 13:36, Daniel P. Berrange wrote:
On Thu, Nov 24, 2016 at 03:47:54PM +0100, Michal Privoznik wrote:
> Namely, virFileGetACLs, virFileSetACLs, virFileFreeACLs and
> virFileCopyACLs. These functions are going to be required when we
> are creating /dev for qemu. We have copy anything that's in
> host's /dev exactly as is. Including ACLs.
Do we really ?
IIUC, udev uses ACLs on /dev in order to grant end users in the desktop
session permission on certain device nodes, without chowning the whole
device.
The device nodes in our private /dev only need to be accessible to the
QEMU process we're about to run.
So neither existing ownership, group, permissions, nor ACLs matter at
all. Our security driver code will chown/grp the device to grant
QEMU access and that's all that's needed AFAICT.
What am I missing that requires us to preserve ACLs ?
Admins may set ACLs on say /dev/sdb to grant access to some users and
then use relabel='no' in domain XMLs so that libvirt doesn't mess it up.
If we want to honour no-relabel flag we must create the device exactly
as is.
Michal