On Mon, Jun 22, 2009 at 09:05:24PM +0100, Daniel P. Berrange wrote:
This patch adds a new flag to virExec() called VIR_EXEC_CLEAR_CAPS.
If you set this flag then all capabilities are removed in between the
fork() and exec() pair.
It also updates QEMU and UML driver to run their VMs without any privileges.
A mild security benefit for most distros today, but if distros start to
lock down what the unprivileged root user can do, this benefit increases.
It also removes all capabilities from the 'ssh' client spawned by the
remote client, since that shouldn't need any real privileges to open a
tunnel.
IMHO that and the first patch could be applied as is, even if the
other patches are a bit more subtle; that one is simple, direct and clear,
we don't need to wait for this.
+#else
+static int virClearCapabilities(void)
+{
+// VIR_WARN0("libcap-ng support not compiled in, unable to clear
capabilities");
Hum, to be cleaned up one way or another :-)
ACK
Daniel
--
Daniel Veillard | libxml Gnome XML XSLT toolkit
http://xmlsoft.org/
daniel(a)veillard.com | Rpmfind RPM search engine
http://rpmfind.net/
http://veillard.com/ | virtualization library
http://libvirt.org/
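The mechanism the thread discusses, clearing every capability in the window between fork() and exec(), as an added example that is not libvirt's code. The patch under review uses libcap-ng; to stay dependency-free this example talks to the kernel directly through the capset()/capget() syscalls and prctl(PR_CAPBSET_DROP) (an assumption of this example, not libvirt's implementation), and it is Linux-only. The function names (clear_capabilities, has_no_capabilities, run_without_caps, check_child_has_no_caps) are chosen here and do not exist in libvirt.

```c
/* Added example, not libvirt's code: drop all Linux capabilities in a
 * forked child before exec, the behaviour the VIR_EXEC_CLEAR_CAPS flag
 * requests.  Uses raw capset()/capget() and prctl() instead of libcap-ng
 * (assumption of this example).  Linux only. */
#include <errno.h>
#include <linux/capability.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Empty the bounding set and the permitted, effective and inheritable
 * sets of the calling thread.  Returns 0 on success, -1 on failure.
 * Shrinking the capability sets never needs privilege; dropping from the
 * bounding set needs CAP_SETPCAP, so EPERM there is tolerated: a process
 * that lacks CAP_SETPCAP is already unprivileged in the sense we want. */
static int clear_capabilities(void)
{
    struct __user_cap_header_struct hdr;
    struct __user_cap_data_struct data[_LINUX_CAPABILITY_U32S_3];
    int cap;

    for (cap = 0; prctl(PR_CAPBSET_READ, cap, 0, 0, 0) >= 0; cap++) {
        if (prctl(PR_CAPBSET_DROP, cap, 0, 0, 0) < 0 && errno != EPERM)
            return -1;
    }

    memset(&hdr, 0, sizeof(hdr));
    memset(data, 0, sizeof(data));          /* all-zero sets */
    hdr.version = _LINUX_CAPABILITY_VERSION_3;
    hdr.pid = 0;                            /* calling thread */
    if (syscall(SYS_capset, &hdr, data) < 0)
        return -1;
    return 0;
}

/* 1 if the calling thread holds no capability in any set, 0 if it still
 * holds some, -1 if capget() itself fails. */
static int has_no_capabilities(void)
{
    struct __user_cap_header_struct hdr;
    struct __user_cap_data_struct data[_LINUX_CAPABILITY_U32S_3];
    int i;

    memset(&hdr, 0, sizeof(hdr));
    memset(data, 0, sizeof(data));
    hdr.version = _LINUX_CAPABILITY_VERSION_3;
    if (syscall(SYS_capget, &hdr, data) < 0)
        return -1;
    for (i = 0; i < _LINUX_CAPABILITY_U32S_3; i++)
        if (data[i].effective || data[i].permitted || data[i].inheritable)
            return 0;
    return 1;
}

/* fork(), clear capabilities in the child, then exec argv.  Returns the
 * child's exit status, 127 if the clear or exec failed, -1 on error. */
static int run_without_caps(char *const argv[])
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (clear_capabilities() < 0)
            _exit(127);
        execvp(argv[0], argv);
        _exit(127);                         /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

/* Regression check: do the clear in a child and report through its exit
 * status whether every set ended up empty.  1 = yes, 0 = no, -1 = error. */
static int check_child_has_no_caps(void)
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (clear_capabilities() < 0)
            _exit(2);
        _exit(has_no_capabilities() == 1 ? 0 : 1);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status) == 0 ? 1 : (WEXITSTATUS(status) == 1 ? 0 : -1);
}

int main(void)
{
    /* Show the child's capability sets as the kernel reports them. */
    char *const argv[] = { "sh", "-c", "grep ^Cap /proc/self/status", NULL };
    printf("child caps cleared: %d\n", check_child_has_no_caps());
    return run_without_caps(argv) == 0 ? 0 : 1;
}
```

Run as an ordinary user the CapEff/CapPrm/CapInh lines print as all zeros already and the check still passes; run as root they go from full masks to zeros, which is the unprivileged-root situation the patch aims for. The bounding-set drop is what stops a later exec of a setuid or file-capability binary from regaining capabilities, so it is the part not to leave out.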