Re: [libvirt] [PATCH v1 05/21] virfile: Introduce ACL helpers
On Thu, Nov 24, 2016 at 03:47:54PM +0100, Michal Privoznik wrote:
Namely, virFileGetACLs, virFileSetACLs, virFileFreeACLs and
virFileCopyACLs. These functions are going to be required when we
are creating /dev for qemu. We have copy anything that's in
host's /dev exactly as is. Including ACLs.
Do we really ?
IIUC, udev uses ACLs on /dev in order to grant end users in the desktop
session permission on certain device nodes, without chowning the whole
device.
The device nodes in our private /dev only need to be accessible to the
QEMU process we're about to run.
So neither existing ownership, group, permissions, nor ACLs matter at
all. Our security driver code will chown/grp the device to grant
QEMU access and that's all that's needed AFAICT.
What am I missing that requires us to preserve ACLs ?
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://entangle-photo.org -o- http://search.cpan.org/~danberr/ :|