On Fri, Jun 01, 2018 at 02:11:12PM +0100, Daniel P. Berrangé wrote:
On Fri, Jun 01, 2018 at 02:46:40PM +0200, Peter Krempa wrote:
> On Fri, Jun 01, 2018 at 13:32:20 +0100, Daniel Berrange wrote:
[...]
> > The reason the config file documents 'root' is
because that is what
> > configure defaults to. If you pass --with-qemu-user to configure,
> > we don't update the config file example though, and perhaps we should.
Thanks for that 'configure' context.
> > Alternatively should we make configure defualt to
'qemu' instead of
> > 'root', since it is generally considered insane to run QEMU as root.
>
> But user 'qemu' is not by default present on all systems. Even the
> libvirt.spec file creates the account.
Yes, that's the reason configure defaults to 'root', but I really hate
the fact that we default to a config that no one should ever run in
practice.
We could check for existance of 'qemu' in configure and complain if
it is missing, but that's painful in itself as it is valid to build
on a host without the user, as long as it exists at runtime.
I tend to think we should just blindly use qemu/qemu by default and
document that creating these accounts is a requirement. Users will
quickly see if they're missing when they try to start a guest.
I'll try to audit what user all the different distributions (that
matter) use to launch QEMU. If they are all are using 'qemu' anyway,
then probably we can just go with 'qemu:qemu', and document the
requirement as such.
> As a second thought, we generally use commented-out bits that
are the
> non-default configuration. So this fits the pattern in the extent that
> any sane distro specified it's own user/group using the configure
> options and if for any reason the user wants to run this as root it's
> done just by uncommenting it.
Most commented out bits are not a security flaw if uncommented though.
The fact that we show 'user=root' in the config file though puts across
the misleading idea that it is a reasonable thing todo, when in fact it
is a horribly insecure thing todo.
Yeah, indeed.
--
/kashyap