
On Wed, Aug 19, 2009 at 03:01:59PM +0100, Mark McLoughlin wrote:
On Wed, 2009-08-19 at 14:32 +0100, Daniel P. Berrange wrote:
FYI, I just pushed the following patch to the repo which adds documentation to the website for all the security model related aspects of libvirt's QEMU driver. It should appear here shortly
Looks good, mostly just typos below
ACK etc.
+ <h3><a name="securitydac">POSIX DAC users/groups</a></h3> + + <p> + In the "session" instance, the POSIX DAC model restricts QEMU virtual
Should expand the acronym, it's pretty obscure
Actually they really served little purpose, so I just removed the acronyms entirely.
+ The directories <code>/var/run/libvirt/qemu/</code>, + <code>/var/lib/libvirt/qemu/</code> and + <code>/var/cache/libvirt/qemu/</code> must all have their + ownership set to match the user / group ID that QEMU + guests will be run as. If the vendor has set a non-root + user/group for the QEMU driver at build time, the + permissions should be set automatically at install time. + If a host administrator customizes user/group in + <code>/etc/libvirt/qemu.conf</code>, they will need to + manually set the ownership on these directories.
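Review bot: The third sentence of this paragraph says "the permissions should be set automatically at install time", while every other sentence in it talks about ownership; say "the ownership should be set" so readers do not go checking mode bits instead of the owning user/group. The paragraph also does not say what an administrator will observe when the ownership is wrong, or how to verify it after editing <code>/etc/libvirt/qemu.conf</code>; one sentence on each would make the manual step checkable.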
It's good to have this documented, but I'd much prefer us to handle it automatically
e.g. libvirtd knows that if the permissions on the dir are wrong, the guest won't start
So, it could warn the user, or create an alternative directory and chown it or ...
Yeah, after reading this now I think you're right. We should simply make libvirtd QEMU driver chown the directories it uses when the driver starts up, to match the configured user/group. For a default install this would be a no-op since RPM would have got it right. And it saves pain in the non-default case.

Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
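The manual step discussed in this thread can be checked with a short audit. This is an added example, not code from the thread or from libvirt. It assumes the `user` and `group` settings in `/etc/libvirt/qemu.conf` are written as `key = "value"`; the function names and the sample text are constructed for illustration.

```python
import os
import re

# Directories named in the quoted documentation patch.
QEMU_DIRS = ("/var/run/libvirt/qemu", "/var/lib/libvirt/qemu",
             "/var/cache/libvirt/qemu")

# Constructed sample of the two settings (assumed syntax: key = "value").
SAMPLE_CONF = '#user = "root"\nuser = "qemu"\ngroup = "qemu"  # custom\n'

_SETTING = re.compile(r'^\s*(user|group)\s*=\s*"([^"]*)"\s*(?:#.*)?$')

def parse_qemu_conf(text):
    """Return the uncommented user/group settings; a missing key is None."""
    found = {"user": None, "group": None}
    for line in text.splitlines():
        m = _SETTING.match(line)
        if m:
            found[m.group(1)] = m.group(2)
    return found

def audit_ownership(dirs, uid, gid):
    """Return (path, problem) for each directory not owned by uid:gid."""
    problems = []
    for path in dirs:
        try:
            st = os.stat(path)
        except FileNotFoundError:
            problems.append((path, "missing"))
            continue
        if (st.st_uid, st.st_gid) != (uid, gid):
            problems.append(
                (path, f"owned by {st.st_uid}:{st.st_gid}, expected {uid}:{gid}"))
    return problems

if __name__ == "__main__":
    import grp, pwd, sys
    with open("/etc/libvirt/qemu.conf") as fh:
        conf = parse_qemu_conf(fh.read())
    if conf["user"] is None or conf["group"] is None:
        # Nothing customized: the build-time default applies, nothing to compare.
        sys.exit("user/group not set in qemu.conf")
    uid = pwd.getpwnam(conf["user"]).pw_uid
    gid = grp.getgrnam(conf["group"]).gr_gid
    issues = audit_ownership(QEMU_DIRS, uid, gid)
    for path, problem in issues:
        print(f"{path}: {problem}")
    sys.exit(1 if issues else 0)
```

A non-zero exit lists the directories whose ownership still has to be changed to the configured user/group.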